diff --git a/.gitignore b/.gitignore index 62370c2..516249d 100644 --- a/.gitignore +++ b/.gitignore @@ -21,5 +21,7 @@ pki-ca-root.json cert_key_list nohup.out +aws.credentials + *.pem *.csr \ No newline at end of file diff --git a/GETTING_STARTED.md b/GETTING_STARTED.md new file mode 100644 index 0000000..72a333b --- /dev/null +++ b/GETTING_STARTED.md 
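Review bot: In the `.gitignore` hunk, the new `aws.credentials` entry has no comment saying what creates this file or which example reads it, and the GETTING_STARTED.md text added in the same commit does not mention it either. A line such as `# local AWS credentials for <example name>, never commit` above the entry would tell contributors why it is ignored. An ignore rule only affects untracked files, so if a file with this name was ever committed it remains in history and its keys should be rotated; whether that happened cannot be seen from this diff.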
@@ -0,0 +1,42 @@
+### Getting Started
+
+#### Deploying the Operator
+
+[//]: # (TODO: describe how this is a declarative adaptation of CFK's helm instructions. Also discuss the update script that we have and how version numbers of the components are also important)
+Before you can deploy any of the deployment examples found in `./stable` and `./incubator`, we must first deploy the CFK Operator, and it's dependent CRDs. To deploy, from the root of this repository, run:
+ ```shell
+ kubectl apply --kustomize ./base/cfk-base/latest/crds && sleep 5 && kubectl apply --kustomize ./base/cfk-base/latest/templates
+ ```
+ We have taken the approach to deploy the Operator at a cluster-wide level, to allow use to experiment with multi-tenant configurations
+
+
+### Deploying the example
+Unless otherwise started in the README.md of each example, it should be assumed that we will deploy the example by running
+ ```shell
+ export EXAMPLE=base-rbac
+ kubectl apply -kustomize ./stable/$EXAMPLE
+ ```
+
+
+
+
+4. Using a tool like [K9s](https://github.com/derailed/k9s) check the status of the pods:
+```shell
+➜ replicator git:(replicator) ✗ kubectl get pods -A
+NAMESPACE NAME READY STATUS RESTARTS AGE
+sandbox confluent-operator-d4bb8cbd6-qg4dq 1/1 Running 0 14m
+sandbox console-producer-0 1/1 Running 1 14m
+sandbox kafka-0 1/1 Running 1 13m
+sandbox kafka-1 1/1 Running 0 13m
+sandbox kafka-2 1/1 Running 0 13m
+sandbox zookeeper-0 1/1 Running 0 13m
+sandbox zookeeper-1 1/1 Running 0 13m
+sandbox zookeeper-2 1/1 Running 0 13m
+tools ldap 1/1 Running 1 14m
+```
+
+
+### Tearing Down
+
+[//]: # (TODO: Describe recomendation to teardown and redeploy other examples)
+minikube delete && minikube start --memory 24576 --cpus 12
diff --git a/README.md b/README.md
index 80159a7..08fae2f 100644
--- a/README.md
+++ b/README.md
@@ -51,24 +51,6 @@ You will need a Kubernetes cluster version 1.16 or newer and kubectl version 1.1 -## Examples - -Before you can deploy any of the deployment examples found in `./examples`, we must first deploy the Confluent-specific CRDs. To deploy, from the root of this repository, run: -```shell - $ kubectl apply --kustomize ./kustomize/crds -``` - -### CFK Deployments - * [Vault PKI integration with dynamic SSL](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/basic-pki-vault) - * [Basic CFK install with auto generated certificates](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/basic) - * [Kafka Connect GCP Spanner in CFK](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/custom-connect-gcp-connectors) - * [Kafka Connect SQL Server in CFK](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/custom-connect-sql) - * [Monitoring Kakfa CFK with JMX Prometheus and Grafana](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/elk-logging) - * [RBAC enabled CFK cluster wth OpenLDAP](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/rbac) - * [Cloud to Cloud replication using Confluent replicator in CFK](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/replicator) - * [User provided mTLS for Kafka in CFK](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/userprovided-mtls) - * [Vault enabled secrets store for Kafka](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/vault-key-value) - diff --git a/README.yaml b/README.yaml index 3ad734b..780df24 100755 --- a/README.yaml +++ b/README.yaml 
@@ -27,13 +27,11 @@ usage: |- * [Minikube](https://minikube.sigs.k8s.io/docs/start/) # Example usage -examples: |- - Before you can deploy any of the deployment examples found in `./examples`, we must first deploy the Confluent-specific CRDs. To deploy, from the root of this repository, run: - ```shell - $ kubectl apply --kustomize ./kustomize/crds - ``` +Examples: |- - ### CFK Deployments + All Examples will require the steps mentioned in [GETTING_STARTED.md](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/GETTING_STARTED.md) run prior to deploying the example + + ### Stable CFK Deployments * [Vault PKI integration with dynamic SSL](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/basic-pki-vault) * [Basic CFK install with auto generated certificates](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/basic) * [Kafka Connect GCP Spanner in CFK](https://github.com/osodevops/confluent-kubernetes-playground/tree/main/examples/custom-connect-gcp-connectors) diff --git a/base/cfk-base/2.0.0/crds/kustomization.yaml b/base/cfk-base/2.0.0/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connects.yaml + - platform.confluent.io_controlcenters.yaml + - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkas.yaml + - platform.confluent.io_kafkatopics.yaml + - platform.confluent.io_ksqldbs.yaml + - platform.confluent.io_migrationjobs.yaml + - platform.confluent.io_schemaregistries.yaml + - platform.confluent.io_zookeepers.yaml 
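Review bot: Nothing in the new `base/cfk-base/2.0.0/crds/kustomization.yaml` records where its ten CRD files came from beyond the directory name `2.0.0`, so a later reader cannot check them against the upstream chart. A header comment such as `# CRDs rendered from the confluent-for-kubernetes Helm chart <chart version>; regenerate with <update script>, do not edit by hand` would make the provenance reviewable. The CRD files added alongside it declare `apiVersion: apiextensions.k8s.io/v1beta1`, which Kubernetes stopped serving in 1.22, while the README context line in this commit says "1.16 or newer". The supported cluster range is worth stating here or in GETTING_STARTED.md.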
diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..fbd2bbf --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,252 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..e8d9cdf --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3106 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. 
+ type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. 
+ If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. 
For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' 
+ type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the 
name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..d7d7783 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3035 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). 
This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..d685a88 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,364 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through 
directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..3d61f2d --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4984 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. 
+ properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. 
Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' 
+ properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. 
A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. 
Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. 
Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. 
+ properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. 
+ Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready 
replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..fc5ab3e --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,290 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. 
+ maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count + format: int32 + minimum: 1 + type: integer + replicas: + description: Replicas defines the replication factor for a topic + format: int32 + minimum: 1 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..4c773c8 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2722 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. 
If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP 
component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..2a50c83 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..988d12e --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2336 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. 
Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. 
If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. 
Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. 
Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. 
+ properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). 
This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. 
All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint 
to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.0.0/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..36a4461 --- /dev/null +++ b/base/cfk-base/2.0.0/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1554 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.0/templates/clusterrole.yaml b/base/cfk-base/2.0.0/templates/clusterrole.yaml new file mode 100644 index 0000000..f7bbaec --- /dev/null +++ b/base/cfk-base/2.0.0/templates/clusterrole.yaml 
@@ -0,0 +1,113 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - pods/exec
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
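Review bot: The core-group rule near the end of clusterrole.yaml (`apiGroups: ""`) grants read and write verbs on `secrets` and `pods/exec`, and the `platform.confluent.io` rule uses `'*'` for both resources and verbs; bound through the ClusterRoleBinding added in clusterrolebinding.yaml, this lets the operator's service account read every Secret and exec into any pod in every namespace. If the operator only has to manage a few namespaces, I would move the core-group rule into a namespaced `Role`/`RoleBinding` per managed namespace (or re-render the chart in a namespaced mode, if this chart version offers one) and keep only the CRD-group rules cluster-wide. If cluster-wide scope is intended, a comment above the rule such as `# cluster-wide secrets + pods/exec: treat this service account's token as highly privileged` would document the exposure, and an audit-log alert on `pods/exec` and Secret reads by this account would make misuse visible.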
diff --git a/base/cfk-base/2.0.0/templates/clusterrolebinding.yaml b/base/cfk-base/2.0.0/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..afcee0f
--- /dev/null
+++ b/base/cfk-base/2.0.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.0.0/templates/deployment.yaml b/base/cfk-base/2.0.0/templates/deployment.yaml
new file mode 100644
index 0000000..4ce8c9a
--- /dev/null
+++ b/base/cfk-base/2.0.0/templates/deployment.yaml
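Review bot: The subject in clusterrolebinding.yaml is the ServiceAccount `confluent-for-kubernetes` in `namespace: default`, so the cluster-wide operator role is attached to an account in the namespace most clusters share; anyone allowed to create pods in `default` can run a pod under that account and inherit the role. deployment.yaml, service.yaml, licensing.yaml and serviceaccount.yaml hard-code the same `namespace: default`. I would place the operator in a dedicated namespace, e.g. `namespace: confluent-operator` (constructed name), and check that any kustomize namespace override also rewrites this `subjects[].namespace`, since a mismatch would leave the binding pointing at a different or non-existent account.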
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ version: 0.174.6
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.174.6
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.174.6
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
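Review bot: The `confluent-operator` container in deployment.yaml has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`, so privilege escalation and the runtime's default capability set stay enabled for a process that holds a cluster-wide token. I would add under the container `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, and try `readOnlyRootFilesystem: true` if the operator does not write to its image filesystem (not verifiable from this hunk). The image is referenced by mutable tag, `docker.io/confluentinc/confluent-operator:0.174.6`, with `imagePullPolicy: IfNotPresent`; pinning it as `confluent-operator:0.174.6@sha256:<digest>` would tie the deployment to one verified image.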
diff --git a/base/operator/kustomization.yaml b/base/cfk-base/2.0.0/templates/kustomization.yaml
similarity index 100%
rename from base/operator/kustomization.yaml
rename to base/cfk-base/2.0.0/templates/kustomization.yaml
diff --git a/base/cfk-base/2.0.0/templates/licensing.yaml b/base/cfk-base/2.0.0/templates/licensing.yaml
new file mode 100644
index 0000000..afb52ac
--- /dev/null
+++ b/base/cfk-base/2.0.0/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZaUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJpS3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdudC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05OUnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
diff --git a/base/cfk-base/2.0.0/templates/service.yaml b/base/cfk-base/2.0.0/templates/service.yaml
new file mode 100644
index 0000000..f65ff42
--- /dev/null
+++ b/base/cfk-base/2.0.0/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.0.0/templates/serviceaccount.yaml b/base/cfk-base/2.0.0/templates/serviceaccount.yaml
new file mode 100644
index 0000000..8c83064
--- /dev/null
+++ b/base/cfk-base/2.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/cfk-base/2.0.1/crds/kustomization.yaml b/base/cfk-base/2.0.1/crds/kustomization.yaml
new file mode 100644
index 0000000..2ad3673
--- /dev/null
+++ b/base/cfk-base/2.0.1/crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_confluentrolebindings.yaml
new file mode 100644
index 0000000..fbd2bbf
--- /dev/null
+++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_confluentrolebindings.yaml
@@ -0,0 +1,252 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..e8d9cdf --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3106 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. 
+ type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. 
+ If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. 
For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' 
+ type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the 
name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..d7d7783 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3035 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). 
This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..d685a88 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,364 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through 
directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..3d61f2d --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4984 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. 
+ properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. 
Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' 
+ properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. 
A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. 
Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. 
Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. 
+ properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. 
+ Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready 
replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..47ce7b4 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,289 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. 
If + not configured then it will be defaulted to whatever kafkarest V3 + APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..4c773c8 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2722 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. 
If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP 
component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..2a50c83 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..988d12e --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2336 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. 
Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. 
If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. 
Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. 
Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. 
+ properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). 
This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. 
All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint 
to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.0.1/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..36a4461 --- /dev/null +++ b/base/cfk-base/2.0.1/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1554 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.1/templates/clusterrole.yaml b/base/cfk-base/2.0.1/templates/clusterrole.yaml new file mode 100644 index 0000000..84dcc6e --- /dev/null +++ b/base/cfk-base/2.0.1/templates/clusterrole.yaml 
@@ -0,0 +1,118 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
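Review bot: The rule for the core API group (`apiGroups: [""]`) in clusterrole.yaml gives this ClusterRole get, list, watch, create, update, patch and delete on `secrets`, so whatever runs as the bound service account can read and overwrite every Secret in every namespace, not only the ones the operator manages. clusterrolebinding.yaml in this commit binds it to `confluent-for-kubernetes` in namespace `default`, and the `platform.confluent.io` rule adds `'*'` on all resources and verbs. GETTING_STARTED.md says the cluster-wide deployment is deliberate, so at minimum record that above the rule, e.g. `# cluster-wide by design for multi-tenant experiments: grants read/write on Secrets in ALL namespaces`. For anything beyond a sandbox, a namespaced Role and RoleBinding per managed namespace would keep a compromised operator pod from reaching other tenants' credentials.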
diff --git a/base/cfk-base/2.0.1/templates/clusterrolebinding.yaml b/base/cfk-base/2.0.1/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..f2ed4e6
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.0.1/templates/deployment.yaml b/base/cfk-base/2.0.1/templates/deployment.yaml
new file mode 100644
index 0000000..5040865
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/deployment.yaml
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ version: 0.174.13
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.174.13
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.174.13
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
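Review bot: The `confluent-operator` container in deployment.yaml has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`, so privilege escalation and the default capability set are left as the runtime provides them. This pod runs as the service account that the ClusterRole in this commit gives cluster-wide access to Secrets, so it is worth adding under the container `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, plus `readOnlyRootFilesystem: true` if the operator turns out not to write to its root filesystem (not verifiable from this hunk). The image is referenced by mutable tag (`confluent-operator:0.174.13` with `imagePullPolicy: IfNotPresent`); appending `@sha256:<digest-placeholder>` would pin what actually runs. Because the file looks rendered from the Helm chart, a kustomize patch may survive regeneration better than editing it in place.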
diff --git a/base/cfk-base/2.0.1/templates/kustomization.yaml b/base/cfk-base/2.0.1/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/cfk-base/2.0.1/templates/licensing.yaml b/base/cfk-base/2.0.1/templates/licensing.yaml
new file mode 100644
index 0000000..b667dc8
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZaUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJpS3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdudC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05OUnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
diff --git a/base/cfk-base/2.0.1/templates/service.yaml b/base/cfk-base/2.0.1/templates/service.yaml
new file mode 100644
index 0000000..71763bb
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.0.1/templates/serviceaccount.yaml b/base/cfk-base/2.0.1/templates/serviceaccount.yaml
new file mode 100644
index 0000000..2e0b37a
--- /dev/null
+++ b/base/cfk-base/2.0.1/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.13
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/cfk-base/2.0.2/crds/kustomization.yaml b/base/cfk-base/2.0.2/crds/kustomization.yaml
new file mode 100644
index 0000000..2ad3673
--- /dev/null
+++ b/base/cfk-base/2.0.2/crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_confluentrolebindings.yaml
new file mode 100644
index 0000000..fbd2bbf
--- /dev/null
+++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_confluentrolebindings.yaml
@@ -0,0 +1,252 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..42c6afb --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,2957 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. 
Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a 
statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..0f18682 --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,2898 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. 
All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. 
+ properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..56f6cf4 --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,326 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..44f4cce --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4133 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in 
a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + 
minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. 
+ format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. 
This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + authentication: + description: RestServerAuthentication server authentication + support to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. 
Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase 
defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..bd6ba8c --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,270 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka 
Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. 
If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. If + not configured then it will be defaulted to whatever kafkarest V3 + APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..8a16e2a --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2585 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..2a50c83 --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..f0822c2 --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2188 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + 
additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines 
current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.0.2/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..19b661d --- /dev/null +++ b/base/cfk-base/2.0.2/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1666 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.2/templates/clusterrole.yaml b/base/cfk-base/2.0.2/templates/clusterrole.yaml new file mode 100644 index 0000000..2715f3e --- /dev/null +++ b/base/cfk-base/2.0.2/templates/clusterrole.yaml 
@@ -0,0 +1,118 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
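Review bot: The core-group rule (`apiGroups: [""]`) grants get/list/watch/create/update/patch/delete on `secrets`, `pods` and `configmaps` in every namespace, and the clusterrolebinding.yaml hunk that follows binds it cluster-wide to the `confluent-for-kubernetes` ServiceAccount in `default`. Anything that can run as that ServiceAccount, or that compromises the operator pod, can therefore read and rewrite every Secret in the cluster, not only the ones belonging to Confluent components. GETTING_STARTED.md in this commit describes the cluster-wide install as intentional, so at minimum I would record the trade-off above the rule, e.g. `# cluster-wide Secret access is required for multi-namespace operation; use a namespaced Role/RoleBinding for single-tenant installs`. For examples that only use one namespace, a kustomize patch that changes `kind: ClusterRole` to `kind: Role` and `kind: ClusterRoleBinding` to `kind: RoleBinding` in the operator's namespace would narrow the grant, provided the operator supports namespaced mode (not visible here).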
diff --git a/base/cfk-base/2.0.2/templates/clusterrolebinding.yaml b/base/cfk-base/2.0.2/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..46979ad
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.0.2/templates/deployment.yaml b/base/cfk-base/2.0.2/templates/deployment.yaml
new file mode 100644
index 0000000..5e5154c
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/deployment.yaml
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ version: 0.174.21
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.174.21
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.174.21
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
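Review bot: The `confluent-operator` container has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`. Privilege escalation and the runtime's default capability set therefore stay available to a process whose ServiceAccount (`confluent-for-kubernetes`) is bound to the cluster-wide role. Under the container entry I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, plus `readOnlyRootFilesystem: true` if the operator does not write to its root filesystem (not visible here). The image is also referenced only by the tag `confluent-operator:0.174.21` with `imagePullPolicy: IfNotPresent`; pinning it as `confluent-operator:0.174.21@sha256:<digest>` ties the base to one verified image.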
diff --git a/base/cfk-base/2.0.2/templates/kustomization.yaml b/base/cfk-base/2.0.2/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/cfk-base/2.0.2/templates/licensing.yaml b/base/cfk-base/2.0.2/templates/licensing.yaml
new file mode 100644
index 0000000..8ba8d67
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: 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
diff --git a/base/cfk-base/2.0.2/templates/service.yaml b/base/cfk-base/2.0.2/templates/service.yaml
new file mode 100644
index 0000000..9d11a6d
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.0.2/templates/serviceaccount.yaml b/base/cfk-base/2.0.2/templates/serviceaccount.yaml
new file mode 100644
index 0000000..8851aa1
--- /dev/null
+++ b/base/cfk-base/2.0.2/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.21
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/cfk-base/2.0.3/crds/kustomization.yaml b/base/cfk-base/2.0.3/crds/kustomization.yaml
new file mode 100644
index 0000000..2ad3673
--- /dev/null
+++ b/base/cfk-base/2.0.3/crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_confluentrolebindings.yaml
new file mode 100644
index 0000000..fbd2bbf
--- /dev/null
+++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_confluentrolebindings.yaml
@@ -0,0 +1,252 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..42c6afb --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,2957 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. 
Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a 
statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..0f18682 --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,2898 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. 
All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. 
+ properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..56f6cf4 --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,326 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..44f4cce --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4133 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in 
a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + 
minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. 
+ format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. 
This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + authentication: + description: RestServerAuthentication server authentication + support to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. 
Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase 
defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..bd6ba8c --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,270 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka 
Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. 
If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. If + not configured then it will be defaulted to whatever kafkarest V3 + APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..8a16e2a --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2585 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..2a50c83 --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..f0822c2 --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2188 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + 
additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines 
current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.0.3/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..19b661d --- /dev/null +++ b/base/cfk-base/2.0.3/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1666 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.3/templates/clusterrole.yaml b/base/cfk-base/2.0.3/templates/clusterrole.yaml new file mode 100644 index 0000000..27d637c --- /dev/null +++ b/base/cfk-base/2.0.3/templates/clusterrole.yaml 
@@ -0,0 +1,118 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + name: confluent-operator +rules: +- apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' +- apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' +- apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get 
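Review bot: The core-group rule near the end of this ClusterRole grants get/list/watch/create/update/patch/delete on `secrets` (plus `pods`, `configmaps` and `persistentvolumeclaims`) in every namespace, and the `platform.confluent.io` rule uses `'*'` for both resources and verbs. The ClusterRoleBinding in the next file binds this to the `confluent-for-kubernetes` ServiceAccount in `default`, so a compromise of the operator pod, or of anything else allowed to run under that ServiceAccount, exposes every Secret in the cluster. GETTING_STARTED.md says the cluster-wide deployment is intentional, so at minimum record the trade-off with a header comment such as `# Cluster-wide by design: read/write on Secrets in all namespaces; use a namespaced Role/RoleBinding on shared clusters.` Because this file is rendered from the upstream chart, a kustomize overlay that swaps in a namespaced Role and RoleBinding is a better place for the restriction than hand-editing this output.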
diff --git a/base/cfk-base/2.0.3/templates/clusterrolebinding.yaml b/base/cfk-base/2.0.3/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..bef6a49 --- /dev/null +++ b/base/cfk-base/2.0.3/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + name: confluent-operator +subjects: +- kind: ServiceAccount + name: confluent-for-kubernetes + namespace: default +roleRef: + kind: ClusterRole + name: confluent-operator + apiGroup: rbac.authorization.k8s.io diff --git a/base/cfk-base/2.0.3/templates/deployment.yaml b/base/cfk-base/2.0.3/templates/deployment.yaml new file mode 100644 index 0000000..34e0caf --- /dev/null +++ b/base/cfk-base/2.0.3/templates/deployment.yaml 
@@ -0,0 +1,82 @@ +--- +# Source: confluent-for-kubernetes/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + version: 0.174.25 + name: confluent-operator + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + prometheus.io/path: "/metrics" + prometheus.io/port: "7778" + prometheus.io/scrape: "true" + labels: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + confluent-platform: "true" + version: 0.174.25 + spec: + securityContext: + fsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + containers: + - args: + - --debug=false + name: confluent-operator + image: docker.io/confluentinc/confluent-operator:0.174.25 + imagePullPolicy: IfNotPresent + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + readinessProbe: + httpGet: + port: 8080 + path: /readyz + livenessProbe: + httpGet: + port: 8080 + path: /healthz + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + serviceAccountName: confluent-for-kubernetes + restartPolicy: Always + terminationGracePeriodSeconds: 30 
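Review bot: The `confluent-operator` container has no container-level `securityContext`, so privilege escalation stays allowed by default and the default capability set is kept, even though this pod runs with the cluster-wide ClusterRole added in this commit. The pod-level `runAsNonRoot: true` and `runAsUser: 1001` are good; adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container closes the rest, ideally via a kustomize patch since this file is rendered from the chart. `readOnlyRootFilesystem: true` is worth trying if the operator does not write to its root filesystem. The image is referenced by mutable tag with `imagePullPolicy: IfNotPresent`; pinning it as `docker.io/confluentinc/confluent-operator:0.174.25@sha256:<DIGEST_PLACEHOLDER>` makes what runs with those permissions reproducible. The Deployment is also fixed to `namespace: default`, which is often shared with unrelated workloads, so a dedicated namespace would narrow who can use the ServiceAccount.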
diff --git a/base/cfk-base/2.0.3/templates/kustomization.yaml b/base/cfk-base/2.0.3/templates/kustomization.yaml new file mode 100644 index 0000000..e9867e7 --- /dev/null +++ b/base/cfk-base/2.0.3/templates/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - licensing.yaml + - clusterrole.yaml + - clusterrolebinding.yaml + - deployment.yaml + - service.yaml + - serviceaccount.yaml diff --git a/base/cfk-base/2.0.3/templates/licensing.yaml b/base/cfk-base/2.0.3/templates/licensing.yaml new file mode 100644 index 0000000..257a9a6 --- /dev/null +++ b/base/cfk-base/2.0.3/templates/licensing.yaml @@ -0,0 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/licensing.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + namespace: default + name: confluent-operator-licensing +type: Opaque +data: + publicKey.pem: 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 diff --git a/base/cfk-base/2.0.3/templates/service.yaml b/base/cfk-base/2.0.3/templates/service.yaml new file mode 100644 index 0000000..7698f4d --- /dev/null +++ b/base/cfk-base/2.0.3/templates/service.yaml 
@@ -0,0 +1,24 @@ +--- +# Source: confluent-for-kubernetes/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + name: confluent-operator + namespace: default +spec: + ports: + - name: http-metric + port: 7778 + protocol: TCP + targetPort: 7778 + selector: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + type: ClusterIP diff --git a/base/cfk-base/2.0.3/templates/serviceaccount.yaml b/base/cfk-base/2.0.3/templates/serviceaccount.yaml new file mode 100644 index 0000000..87f3dec --- /dev/null +++ b/base/cfk-base/2.0.3/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/serviceaccount.yaml +apiVersion: v1 +imagePullSecrets: +- name: confluent-registry +kind: ServiceAccount +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.25 + name: confluent-for-kubernetes + namespace: default diff --git a/base/cfk-base/2.0.4/crds/kustomization.yaml b/base/cfk-base/2.0.4/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/kustomization.yaml 
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connects.yaml + - platform.confluent.io_controlcenters.yaml + - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkas.yaml + - platform.confluent.io_kafkatopics.yaml + - platform.confluent.io_ksqldbs.yaml + - platform.confluent.io_migrationjobs.yaml + - platform.confluent.io_schemaregistries.yaml + - platform.confluent.io_zookeepers.yaml diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..fbd2bbf --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,252 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..dd06087 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,2959 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. 
Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a 
statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..e7dd6c8 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,2900 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. 
All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. 
+ properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..56f6cf4 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,326 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..e789a58 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4142 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in 
a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + 
minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. 
+ format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count NodePort + service creation will fail if the node port to be + used is not in the range supported by kubernetes + api-server. 
The default kubernetes NodePort range + is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. 
+ Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. 
With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. 
+ Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count NodePort service + creation will fail if the node port to be used is + not in the range supported by kubernetes api-server. + The default kubernetes NodePort range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. 
This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + authentication: + description: RestServerAuthentication server authentication + support to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count NodePort service + creation will fail if the node port to be used is + not in the range supported by kubernetes api-server. + The default kubernetes NodePort range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. 
+ When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count NodePort service + creation will fail if the node port to be used is + not in the range supported by kubernetes api-server. + The default kubernetes NodePort range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. 
+ When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase 
defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..bd6ba8c --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,270 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: KafkaRestBasicAuthentication defines basic authentication + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka 
Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. 
If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. If + not configured then it will be defaulted to whatever kafkarest V3 + APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..60ee8bd --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2587 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..2a50c83 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. 
+ They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..357e531 --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2190 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + 
additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines 
current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.0.4/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..19b661d --- /dev/null +++ b/base/cfk-base/2.0.4/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1666 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. 
For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.0.4/templates/clusterrole.yaml b/base/cfk-base/2.0.4/templates/clusterrole.yaml new file mode 100644 index 0000000..1a6837b --- /dev/null +++ b/base/cfk-base/2.0.4/templates/clusterrole.yaml 
@@ -0,0 +1,118 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
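Review bot: The core-group rule (`apiGroups: ""`) gives the operator get/list/watch/create/update/patch/delete on `secrets` and `pods`, and because this is a ClusterRole bound by a ClusterRoleBinding in the same commit, that covers every namespace, so whoever controls the operator pod or its ServiceAccount token can read every Secret in the cluster. The `platform.confluent.io` rule is wider still, with `'*'` for both resources and verbs. If cluster-wide scope is intended, say so above `rules:` with a comment such as `# cluster-wide by design: the operator reads and writes Secrets in all namespaces; prefer a namespaced Role/RoleBinding for single-namespace installs`. Since the file is rendered Helm output (see its `# Source:` header), any narrowing is better carried as a kustomize patch or a render-time setting than as a hand edit that the next re-render would overwrite.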
diff --git a/base/cfk-base/2.0.4/templates/clusterrolebinding.yaml b/base/cfk-base/2.0.4/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..5a24a75
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.0.4/templates/deployment.yaml b/base/cfk-base/2.0.4/templates/deployment.yaml
new file mode 100644
index 0000000..d848ea0
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/deployment.yaml
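Review bot: In clusterrolebinding.yaml the subject is the `confluent-for-kubernetes` ServiceAccount in `namespace: default`, which places an account with cluster-wide Secret access in the namespace where ad-hoc workloads usually land. Anyone allowed to create pods in `default` can start a pod under that ServiceAccount and inherit the `confluent-operator` ClusterRole. Consider rendering the operator into a dedicated namespace, e.g. `namespace: <operator-namespace>  # placeholder` on the subject, and documenting that choice next to it. The same hard-coded `namespace: default` appears in deployment.yaml, licensing.yaml, service.yaml and serviceaccount.yaml in this commit, and they must stay in step with the subject or the binding will point at an account that does not exist.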
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ version: 0.174.34
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.174.34
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.174.34
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
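Review bot: The `confluent-operator` container has no container-level `securityContext`; only the pod-level block is set (`fsGroup`, `runAsNonRoot`, `runAsUser`), so privilege escalation, the runtime's default capability set and a writable root filesystem are all left in place. Given that this pod runs under a ServiceAccount with cluster-wide Secret access, I would add a container `securityContext` that disallows privilege escalation and drops all capabilities, and make the root filesystem read-only once it is confirmed the operator does not write there. Separately, the image is referenced by tag (`confluent-operator:0.174.34`) with `imagePullPolicy: IfNotPresent`; pinning it by digest would fix exactly which image nodes run. As the manifest is rendered Helm output, these are best applied as a kustomize patch over this base.

```yaml
        name: confluent-operator
        # … unchanged: image, imagePullPolicy, probes, resources, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          # enable only after confirming the operator does not write to its root filesystem
          readOnlyRootFilesystem: true
```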
diff --git a/base/cfk-base/2.0.4/templates/kustomization.yaml b/base/cfk-base/2.0.4/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/cfk-base/2.0.4/templates/licensing.yaml b/base/cfk-base/2.0.4/templates/licensing.yaml
new file mode 100644
index 0000000..7d84812
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: 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
diff --git a/base/cfk-base/2.0.4/templates/service.yaml b/base/cfk-base/2.0.4/templates/service.yaml
new file mode 100644
index 0000000..a6b4a0f
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.0.4/templates/serviceaccount.yaml b/base/cfk-base/2.0.4/templates/serviceaccount.yaml
new file mode 100644
index 0000000..7ffc16b
--- /dev/null
+++ b/base/cfk-base/2.0.4/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.174.34
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/cfk-base/2.1.0/crds/kustomization.yaml b/base/cfk-base/2.1.0/crds/kustomization.yaml
new file mode 100644
index 0000000..2ad3673
--- /dev/null
+++ b/base/cfk-base/2.1.0/crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/crds/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_confluentrolebindings.yaml
similarity index 100%
rename from base/crds/crds/platform.confluent.io_confluentrolebindings.yaml
rename to base/cfk-base/2.1.0/crds/platform.confluent.io_confluentrolebindings.yaml
diff --git a/base/crds/crds/platform.confluent.io_connectors.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_connectors.yaml
similarity index 100%
rename from base/crds/crds/platform.confluent.io_connectors.yaml
rename to base/cfk-base/2.1.0/crds/platform.confluent.io_connectors.yaml
diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_connects.yaml
new file mode 100644
index 0000000..bbc5071
--- /dev/null
+++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_connects.yaml
@@ -0,0 +1,3255 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + build: + description: Build defines the build configurations for connector + plugins + properties: + onDemand: + description: OnDemand defines the build configurations for build + type onDemand + properties: + plugins: + description: ConnectorPlugins defines the install information + of plugins requested to be installed + properties: + confluentHub: + description: ConfluentHub defines the list of ConfluentHubPlugin + getting from the Confluent Hub + items: + description: ConfluentHubPlugin defines the information + to get the plugin from confluent hub + properties: + name: + description: Name defines the name of the connector + plugin + minLength: 1 + type: string + owner: + description: 'Owner defines the individual or organization + provides the plugin, for example: confluentinc' + minLength: 1 + type: string + version: + description: Version defines the version of plugin, + which can be either the version of the component + or the literal `latest` + minLength: 1 + type: string + required: + - name + - owner + - version + type: object + type: array 
+ locationType: + description: LocationType defines location to get the + plugins + enum: + - confluentHub + - url + type: string + url: + description: URL defines the list of URLPlugin getting + from external URL + items: + description: URLConnector defines the information to + get the plugin from URL + properties: + archivePath: + description: ArchivePath defines the archive path + of the plugin + minLength: 1 + pattern: ^https?://.* + type: string + checksum: + description: Checksum defines the sha512sum checksum + of the plugin's remote file, used to verify the + remote file after download + type: string + name: + description: Name defines the connector plugin name + minLength: 1 + type: string + required: + - archivePath + - checksum + - name + type: object + type: array + required: + - locationType + type: object + storageLimit: + anyOf: + - type: integer + - type: string + description: StorageLimit defines the max amount of node volume + can be used to store the connector plugins, default value + is 4G. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - plugins + type: object + type: + description: Type defines the build type for connector plugins, + currently only support onDemand type + enum: + - onDemand + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More + information can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + connectorTLSCerts: + description: ConnectorTLSCerts defines the list of CustomTLSCertificate + injected in connect cluster for connector use. Please check connect + status for the mount path of the certificates. Change will roll + the cluster + items: + description: CustomTLSCertificate defines custom TLS structure for + the child resources(connector, topic, schema, etc) of CP component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: array + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if + different bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses + discovery if that specified + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component 
(dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. 
+ If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if + different bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: 
+ description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. 
Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 
30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort 
contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as + 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a 
statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connectorPlugins: + items: + description: ConnectorPlugin define the state of connector plugin + properties: + class: + description: ClassName defines the class name of the connector + plugin + type: string + type: + description: Type defines the type of the connector plugin, + which can be SOURCE, SINK or UNKNOWN + type: string + version: + description: Version defines the current version of the connector + plugin + type: string + required: + - class + type: object + type: array + connectorTLSFilePaths: + items: + description: CustomTLSFilePathStatus defines the file paths of custom + TLS certificates + properties: + jksPasswordPath: + description: JksPasswordPath defines the absolute path of the + jksPassword.txt file + type: string + keyStorePath: + description: KeyStorePath defines the absolute path of the truststore + .jks or .p12 file + type: string + trustStorePath: + description: TrustStorePath defines the absolute path of the + truststore .jks or .p12 file + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: 
InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + 
externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..eaa4fd4 --- /dev/null +++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3030 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP + configuration Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs + if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path in + a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will be + only reflected in ControlCenter (C3). This configuration + is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is + ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to + use in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs + if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path in + a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will be + only reflected in ControlCenter (C3). This configuration + is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is + ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug + logs if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows + to pass basic credential through directory + path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. 
Changes will + be only reflected in ControlCenter (C3). This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client + side TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. 
+ type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication + support only For other types of authentication use config overrides + capability. + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true + for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s + certificate when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to + send message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent + from Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + required: + - id + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkarestclasses.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_kafkarestclasses.yaml rename to base/cfk-base/2.1.0/crds/platform.confluent.io_kafkarestclasses.yaml diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkarestproxies.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkarestproxies.yaml new file mode 100644 index 0000000..3c676e9 --- /dev/null +++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkarestproxies.yaml 
@@ -0,0 +1,2670 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestproxies.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestproxies.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestProxy + listKind: KafkaRestProxyList + plural: kafkarestproxies + shortNames: + - kafkarestproxy + - krp + singular: kafkarestproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestProxy is the Schema for the kafkarestproxies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestProxySpec defines the desired state of KafkaRestProxy + properties: + authentication: + description: RestServerAuthentication server authentication support + to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: ClientAuthorization define client side authorization + configuration for CP component. 
+ properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: KafkaRestProxyDependencies defines the dependencies for + KafkaRestProxy + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. 
More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry provides a way to disable global confluent + telemetry setting configure as part of operator deployment. + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: KafkaRestProxyStatus defines the observed state of KafkaRestProxy + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + 
format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..de5a796 --- /dev/null +++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4448 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as + User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like + zookeeper and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef + or directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + 
directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is + format endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. 
More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix + for bootstrap advertised endpoint and will be + added as bootstrapPrefix.domain If not configured + it will be the cluster name of CR + minLength: 1 + type: string + 
brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. 
More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. + Enable client IP based session affinity. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes + node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node + port offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, + it will only apply to kafka bootstrap service + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. 
If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. + Enable client IP based session affinity. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service + for OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix + for bootstrap advertised endpoint and will be + added as bootstrapPrefix.domain If not configured + it will be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, + operator configures kafka advertised listeners only + and no kubernetes external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in + the advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, + operator configures kafka advertised listeners only + and no kubernetes external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific + external listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - 
type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability + for kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node + APIs to to retrieve the value to be used in the broker.rack. + This feature requires Confluent Operaotr to run in cluster-level + access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + authentication: + description: RestServerAuthentication server authentication + support to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + domain: + description: Domain 
allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
+ It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for + CP RBAC. Anything missing can be passed through + configOverride capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains + the directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP + component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret + name referenced for jks password More information + about jks password key/value format can + be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name + referenced for certificates More information + about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef + or directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. + If not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which + can be used by listeners and services if they all want to share + same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type + configured by a listener + type: string + client: + type: string + externalAccessType: + description: ExternalAccessType is the external access type + used for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint + to connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint + to connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase 
defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + services: + additionalProperties: + description: ListenerStatus describes general information about + a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type + configured by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type + used for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint + to connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint + to connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/crds/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_kafkatopics.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_kafkatopics.yaml rename to base/cfk-base/2.1.0/crds/platform.confluent.io_kafkatopics.yaml diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..7930d96 --- /dev/null +++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2695 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when + accessing the ksqlDB rest server. 
+ properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. 
This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, + schemaregistry, mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. 
+ type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + 
tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + serviceId: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +
diff --git a/base/crds/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_migrationjobs.yaml
similarity index 100%
rename from base/crds/crds/platform.confluent.io_migrationjobs.yaml
rename to base/cfk-base/2.1.0/crds/platform.confluent.io_migrationjobs.yaml
diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_schemaregistries.yaml
new file mode 100644
index 0000000..8c35b9d
--- /dev/null
+++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_schemaregistries.yaml
@@ -0,0 +1,2291 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + 
properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + 
endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess 
defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines 
current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_schemas.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_schemas.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_schemas.yaml rename to base/cfk-base/2.1.0/crds/platform.confluent.io_schemas.yaml diff --git a/base/cfk-base/2.1.0/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.1.0/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..08ff812 
--- /dev/null +++ b/base/cfk-base/2.1.0/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1707 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. 
For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. + If not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + tls: + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.1.0/templates/clusterrole.yaml b/base/cfk-base/2.1.0/templates/clusterrole.yaml new file mode 100644 index 0000000..fb28cfc --- /dev/null +++ b/base/cfk-base/2.1.0/templates/clusterrole.yaml 
@@ -0,0 +1,119 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + name: confluent-operator +rules: +- apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' +- apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' +- apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list 
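Review bot: The core-group rule that lists `secrets` grants get/list/watch/create/update/patch/delete on Secrets in every namespace, and the `platform.confluent.io` rule uses `'*'` for both resources and verbs. clusterrolebinding.yaml in this same commit binds the role to the `confluent-for-kubernetes` ServiceAccount in `default`, so any workload that can run under that account in `default` inherits cluster-wide Secret access. These manifests appear to be rendered from the upstream chart, so the change belongs in a kustomize patch rather than in this file. Move the ServiceAccount and the binding subject to a dedicated namespace (`namespace: <operator-namespace>`, placeholder). Where an example manages a single namespace, replace the pair with a `Role`/`RoleBinding` scoped to it.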
diff --git a/base/cfk-base/2.1.0/templates/clusterrolebinding.yaml b/base/cfk-base/2.1.0/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..d560ff5 --- /dev/null +++ b/base/cfk-base/2.1.0/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + name: confluent-operator +subjects: +- kind: ServiceAccount + name: confluent-for-kubernetes + namespace: default +roleRef: + kind: ClusterRole + name: confluent-operator + apiGroup: rbac.authorization.k8s.io diff --git a/base/cfk-base/2.1.0/templates/deployment.yaml b/base/cfk-base/2.1.0/templates/deployment.yaml new file mode 100644 index 0000000..aeb3ca1 --- /dev/null +++ b/base/cfk-base/2.1.0/templates/deployment.yaml 
@@ -0,0 +1,82 @@ +--- +# Source: confluent-for-kubernetes/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + version: 0.280.1 + name: confluent-operator + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + prometheus.io/path: "/metrics" + prometheus.io/port: "7778" + prometheus.io/scrape: "true" + labels: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + confluent-platform: "true" + version: 0.280.1 + spec: + securityContext: + fsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + containers: + - args: + - --debug=false + name: confluent-operator + image: docker.io/confluentinc/confluent-operator:0.280.1 + imagePullPolicy: IfNotPresent + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + readinessProbe: + httpGet: + port: 8080 + path: /readyz + livenessProbe: + httpGet: + port: 8080 + path: /healthz + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + serviceAccountName: confluent-for-kubernetes + restartPolicy: Always + terminationGracePeriodSeconds: 30 
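Review bot: The `confluent-operator` container has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`. Privilege escalation and the runtime's default capability set therefore stay available to a process that holds the cluster-wide ClusterRole added in this commit. The image is also referenced by mutable tag with `imagePullPolicy: IfNotPresent`; pinning it by digest (`image: docker.io/confluentinc/confluent-operator@sha256:<digest>`, placeholder) would make the deployed binary reproducible. Since the file looks rendered from the upstream chart, a kustomize patch is the safer place for the addition below, and the operator should be confirmed to still pass its `/readyz` probe with it applied.

```yaml
        name: confluent-operator
        image: docker.io/confluentinc/confluent-operator:0.280.1
        # … unchanged: imagePullPolicy, probes, resources, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```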
diff --git a/base/cfk-base/2.1.0/templates/kustomization.yaml b/base/cfk-base/2.1.0/templates/kustomization.yaml new file mode 100644 index 0000000..e9867e7 --- /dev/null +++ b/base/cfk-base/2.1.0/templates/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - licensing.yaml + - clusterrole.yaml + - clusterrolebinding.yaml + - deployment.yaml + - service.yaml + - serviceaccount.yaml diff --git a/base/cfk-base/2.1.0/templates/licensing.yaml b/base/cfk-base/2.1.0/templates/licensing.yaml new file mode 100644 index 0000000..8bccbc0 --- /dev/null +++ b/base/cfk-base/2.1.0/templates/licensing.yaml @@ -0,0 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/licensing.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + namespace: default + name: confluent-operator-licensing +type: Opaque +data: + publicKey.pem: 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 diff --git a/base/cfk-base/2.1.0/templates/service.yaml b/base/cfk-base/2.1.0/templates/service.yaml new file mode 100644 index 0000000..9b512fa --- /dev/null +++ b/base/cfk-base/2.1.0/templates/service.yaml 
@@ -0,0 +1,24 @@ +--- +# Source: confluent-for-kubernetes/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + name: confluent-operator + namespace: default +spec: + ports: + - name: http-metric + port: 7778 + protocol: TCP + targetPort: 7778 + selector: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + type: ClusterIP diff --git a/base/cfk-base/2.1.0/templates/serviceaccount.yaml b/base/cfk-base/2.1.0/templates/serviceaccount.yaml new file mode 100644 index 0000000..a79d22a --- /dev/null +++ b/base/cfk-base/2.1.0/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/serviceaccount.yaml +apiVersion: v1 +imagePullSecrets: +- name: confluent-registry +kind: ServiceAccount +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.280.1 + name: confluent-for-kubernetes + namespace: default diff --git a/base/cfk-base/2.1.1/crds/kustomization.yaml b/base/cfk-base/2.1.1/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/base/cfk-base/2.1.1/crds/kustomization.yaml 
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connects.yaml + - platform.confluent.io_controlcenters.yaml + - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkas.yaml + - platform.confluent.io_kafkatopics.yaml + - platform.confluent.io_ksqldbs.yaml + - platform.confluent.io_migrationjobs.yaml + - platform.confluent.io_schemaregistries.yaml + - platform.confluent.io_zookeepers.yaml diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..f187dce --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,257 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - jsonPath: .status.principal + name: Principal + type: string + - jsonPath: .status.role + name: Role + type: string + - jsonPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + - jsonPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal + name and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info + associated with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of + ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info + associated with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_connectors.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_connectors.yaml new file mode 100644 index 0000000..672ef73 --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_connectors.yaml 
@@ -0,0 +1,353 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connectors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connectors.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connector + listKind: ConnectorList + plural: connectors + shortNames: + - ctr + - connector + singular: connector + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.connectorState + name: ConnectorStatus + type: string + - jsonPath: .status.tasksReady + name: Tasks-Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.connectRestEndpoint + name: ConnectEndpoint + priority: 1 + type: string + - jsonPath: .status.failedTasksCount + name: Tasks-Failed + priority: 1 + type: string + - jsonPath: .status.workerId + name: WorkerId + priority: 1 + type: string + - jsonPath: .status.restartPolicy.type + name: RestartPolicy + priority: 1 + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connector is the Schema for the connectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectorSpec defines the desired state of Connector + properties: + class: + description: ClassName defines the class name for a connector. Connect + cluster displays the supported class names in its status + minLength: 1 + type: string + configs: + additionalProperties: + type: string + description: Configs defines all other configurations for the connector + type: object + connectClusterRef: + description: ConnectClusterRef defines the discovery section to refer + to a CFK managed connect cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + connectRest: + description: ConnectRestRef defines Connect Rest API connection configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + 
for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + name: + description: Name defines the Connector name. If not configured uses + the CR name as connector name + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + restartPolicy: + description: RestartPolicy defines the policy to restart failed tasks + of connector + properties: + maxRetry: + description: MaxRetry defines the max retry times to restart when + restartPolicy type is OnFailure, default value is 10 + format: int32 + minimum: 1 + type: integer + type: + description: Type defines the restart policy type to restart connector + tasks, default value is OnFailure, which means it will restart + automatically when tasks failed if not reach max retry times + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + taskMax: + description: TaskMax defines the max task for a connector, it must + be greater than 0. 
The connector may create fewer tasks if it cannot + achieve this level of parallelism + format: int32 + minimum: 1 + type: integer + required: + - class + - taskMax + type: object + status: + description: ConnectorStatus defines the observed state of Connector + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connectRestEndpoint: + description: ConnectRestEndpoint defines the rest endpoint of connect + cluster + type: string + connectorState: + description: ConnectorState define the actual status of the connector + instance + type: string + failedTasks: + additionalProperties: + description: TaskStatus defines the connector task status + properties: + id: + description: Id defines id of the task + format: int32 + type: integer + retryCount: + description: RetryCount defines the current retried count of + restarting the task when its state is failed + format: int32 + type: integer + workerId: + description: WorkerId defines the workerId for the task + type: string + required: + - id + type: object + description: FailedTasksMap defines the map of connector tasks with + state FAILED. 
Error message of failed tasks logged in operator logs + as INFO, or can be get via making connect rest api calls + type: object + failedTasksCount: + description: FailedTasksCount defines the number of failed tasks + format: int32 + type: integer + kafkaClusterId: + description: KafkaClusterId defines the kafka cluster Id the connector + belongs to + type: string + restartPolicy: + description: RestartPolicy defines the policy to restart failed tasks + of connector + properties: + maxRetry: + description: MaxRetry defines the max retry times to restart when + restartPolicy type is OnFailure, default value is 10 + format: int32 + minimum: 1 + type: integer + type: + description: Type defines the restart policy type to restart connector + tasks, default value is OnFailure, which means it will restart + automatically when tasks failed if not reach max retry times + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + state: + description: State defines the CR state of the connector, it is not + the connector state, which can be PROVISIONING, CREATED, ERROR, + DELETE-REQUESTED, etc + type: string + tasksReady: + description: TaskReady defines the number of running tasks based on + taskMax + type: string + trace: + description: ConnectorTrace defines the error trace message for the + connector instance + type: string + workerId: + description: ConnectorWorkerId defines the workerId for the connector + instance + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_connects.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_connects.yaml rename to base/cfk-base/2.1.1/crds/platform.confluent.io_connects.yaml 
diff --git a/base/crds/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_controlcenters.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_controlcenters.yaml rename to base/cfk-base/2.1.1/crds/platform.confluent.io_controlcenters.yaml diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..4c37b62 --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,304 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest + API configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - 
basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' 
+ type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_kafkarestproxies.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkarestproxies.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_kafkarestproxies.yaml rename to base/cfk-base/2.1.1/crds/platform.confluent.io_kafkarestproxies.yaml diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..f80e736 --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkas.yaml 
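Review bot: The `endpoint` fields under `spec.kafkaRest` and `spec.secondaryKafkaRest` are validated with `pattern: ^https?://.*`, so the API server will admit a KafkaRestClass that points at an `http://` endpoint even when `authentication.type` is `basic` or `bearer`, and the referenced credentials would then travel unencrypted. The sibling `tls` object has no `required` list in this schema, so nothing at admission time forces TLS settings either. Because the file is generated upstream (controller-gen, per the `# Source:` header), the pattern is best left as shipped. I would record the constraint beside that header instead, for example `# NOTE: endpoint also accepts http://; use https:// whenever authentication.type is basic or bearer`, and keep the example overlays in this repository on `https://` endpoints.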
@@ -0,0 +1,4460 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as + User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like + zookeeper and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef + or directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + 
directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is + format endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. 
More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix + for bootstrap advertised endpoint and will be + added as bootstrapPrefix.domain If not configured + it will be the cluster name of CR + minLength: 1 + type: string + 
brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. 
More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. + Enable client IP based session affinity. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes + node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node + port offset to be used and will go in the increasing + order with respect to the replicas count NodePort + service creation will fail if the node port to + be used is not in the range supported by kubernetes + api-server. The default kubernetes NodePort range + is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, + it will only apply to kafka bootstrap service + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. + Enable client IP based session affinity. Defaults + to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service + for OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix + for bootstrap advertised endpoint and will be + added as bootstrapPrefix.domain If not configured + it will be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
+ It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, + operator configures kafka advertised listeners only + and no kubernetes external service will be created. + properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will + add b as a prefix, like b#.domain where # will + start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in + the advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, + operator configures kafka advertised listeners only + and no kubernetes external service will be created. 
+ properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific + external listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count NodePort + service creation will fail if the node port to be + used is not in the range supported by kubernetes + api-server. The default kubernetes NodePort range + is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
+ It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - 
type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability + for kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node + APIs to to retrieve the value to be used in the broker.rack. + This feature requires Confluent Operaotr to run in cluster-level + access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + authentication: + description: RestServerAuthentication server authentication + support to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count NodePort + service creation will fail if the node port to be + used is not in the range supported by kubernetes + api-server. The default kubernetes NodePort range + is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. 
+ When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + domain: + description: Domain 
allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. 
The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count NodePort + service creation will fail if the node port to be + used is not in the range supported by kubernetes + api-server. The default kubernetes NodePort range + is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. 
+ When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" + and "None". Used to maintain session affinity. Enable + client IP based session affinity. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
+ It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for + CP RBAC. Anything missing can be passed through + configOverride capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains + the directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP + component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret + name referenced for jks password More information + about jks password key/value format can + be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name + referenced for certificates More information + about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef + or directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. + If not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which + can be used by listeners and services if they all want to share + same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type + configured by a listener + type: string + client: + type: string + externalAccessType: + description: ExternalAccessType is the external access type + used for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint + to connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint + to connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase 
defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + services: + additionalProperties: + description: ListenerStatus describes general information about + a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type + configured by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type + used for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint + to connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint + to connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..6936def --- /dev/null 
+++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,264 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.partitionCount + name: Partition + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: ClusterId + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. 
+ If not configured then it will be defaulted to whatever kafkarest + V3 APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_ksqldbs.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_ksqldbs.yaml rename to base/cfk-base/2.1.1/crds/platform.confluent.io_ksqldbs.yaml diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..adb0bb7 --- /dev/null 
+++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,691 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of + Connect after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. 
They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state + of Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_schemaregistries.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_schemaregistries.yaml rename to base/cfk-base/2.1.1/crds/platform.confluent.io_schemaregistries.yaml diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_schemas.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_schemas.yaml new file mode 100644 index 0000000..78950be --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_schemas.yaml 
@@ -0,0 +1,400 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Schema + listKind: SchemaList + plural: schemas + shortNames: + - schema + singular: schema + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .status.SchemaRegistryEndpoint + name: schemaregistry + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaSpec defines the desired state of Schema + properties: + data: + description: Data defines the data required to create a schema + properties: + configRef: + description: ConfigRef is the name of the Kubernetes ConfigMap + resource containing the schema + minLength: 1 + type: string + format: + description: Format is the the type of format of the encoded schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + required: + - configRef + - format + type: object + schemaReferences: + description: SchemaReferences defines a list of schema references + in the schema data + items: + description: SchemaReference is a schema to be used as a reference + as part of creating a new schema + properties: + avro: + description: Avro is the data for the referenced avro schema + properties: + avro: + description: Name is the reference name using the fully + qualified schema name + minLength: 1 + type: string + required: + - avro + type: object + format: + description: Format is the the type of format of the referenced + schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: JSON is the data for the referenced json schema + properties: + url: + description: URL is the reference name + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: Protobuf is the data for the referenced protobuf + schema + properties: + file: + description: File is the file name of the references protobuf + schema + minLength: 1 + type: string + required: + - file + type: object + subject: + description: Subject is the name of the subject for the referenced + schema through the configref + minLength: 1 + type: string + version: + description: Version is the the type of version of the referenced + schema + format: int32 + type: integer 
+ required: + - format + - subject + - version + type: object + type: array + schemaRegistryClusterRef: + description: SchemaRegistryClusterRef defines the discovery section + to refer to a CFK managed schemaregistry cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + schemaRegistryRest: + description: SchemaRegistryRestApiInfo defines SchemaRegistry Rest + API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + required: + - data + type: object + status: + description: SchemaStatus defines the observed state of Schema + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + deletedVersions: + description: DeletedVersions lists the successful hard deleted versions + for the subject of the cr + items: + format: int32 + type: integer + type: array + format: + description: Format defines the format the latest schema for the subject + type: string + id: + description: ID defines the id of the latest schema for the subject + format: int32 + type: integer + schemaReferences: + description: SchemaReferences lists the schema references for the + latest schema for the subhect + items: + description: SchemaReference is a schema to be used as a reference + as part of creating a new schema + properties: + avro: + description: Avro is the data for the referenced avro schema + properties: + avro: + description: Name is the reference name using the fully + qualified schema name + minLength: 1 + type: string + required: + - avro + type: object + format: + description: Format is the the type of format of the referenced + schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: JSON is the data for the referenced json schema + properties: + url: + description: URL is the reference name + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: Protobuf is the data for the referenced protobuf + schema + properties: + file: + description: File is the file name of the references protobuf + schema + minLength: 1 + type: string + required: + - file + type: object + subject: + description: Subject is the name of the subject for the referenced + schema through the configref + minLength: 1 + type: string + version: + description: Version is the the type of version of the referenced + schema + format: int32 + type: integer + required: + - format + - subject + - 
version + type: object + type: array + schemaRegistryAuthenticationType: + description: SchemaRegistryAuthenticationType defines the type of + auth used + type: string + schemaRegistryEndpoint: + description: Endpoint defines the SchemaRegistry Rest endpoint + type: string + schemaRegistryTLS: + description: SchemaRegistryTLS defines the whether the schema registry + is using tls + type: boolean + softDeletedVersions: + description: SoftDeletedVersions lists the successful soft deleted + versions for the subject of the cr + items: + format: int32 + type: integer + type: array + state: + description: State defines the state of the Schema CR + type: string + subject: + description: Subject defines the subject of the schema resource + type: string + version: + description: Version defines the version of the latest schema for + the subject + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.1.1/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.1.1/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..08ff812 --- /dev/null +++ b/base/cfk-base/2.1.1/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1707 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. 
For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. + If not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + tls: + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.1.1/templates/clusterrole.yaml b/base/cfk-base/2.1.1/templates/clusterrole.yaml
new file mode 100644
index 0000000..75b52f4
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/clusterrole.yaml
@@ -0,0 +1,119 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
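Review bot: The core-group rule (`apiGroups: ""`) grants `get`/`list`/`watch` and all write verbs on `secrets` from a ClusterRole, so once it is bound by the ClusterRoleBinding in this commit the operator's service-account token can read and modify every Secret in every namespace, not only those belonging to Confluent components. GETTING_STARTED.md says the cluster-wide deployment is deliberate for multi-tenant experiments, so I would at least record the trade-off above that rule, e.g. `# cluster-wide Secret access: sandbox only; use a per-namespace Role/RoleBinding elsewhere`. The three `- '*'` verb lists, and `resources: '*'` under `platform.confluent.io`, would also be better spelled out like the explicit `get … delete` lists the other rules use, so that new verbs or new CRDs in that group are not granted implicitly.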
diff --git a/base/cfk-base/2.1.1/templates/clusterrolebinding.yaml b/base/cfk-base/2.1.1/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..005a9c2
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.1.1/templates/deployment.yaml b/base/cfk-base/2.1.1/templates/deployment.yaml
new file mode 100644
index 0000000..acde87b
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/deployment.yaml
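Review bot: In clusterrolebinding.yaml the subject is the `confluent-for-kubernetes` ServiceAccount in `namespace: default`, which attaches the cluster-wide role to the namespace where unrelated workloads tend to land; any principal allowed to create pods in `default` can run a pod under that service account and inherit its permissions. A dedicated operator namespace keeps that boundary narrow, for example by adding `namespace: <operator-namespace>` (placeholder) to templates/kustomization.yaml and confirming the rendered binding's subject namespace follows it. The same hard-coded `namespace: default` appears in the deployment, service, serviceaccount and licensing hunks. The pod listing in GETTING_STARTED.md shows the operator in `sandbox`, so an overlay presumably relocates it for the examples, but nothing in this base does so on its own.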
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ version: 0.280.22
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.280.22
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.280.22
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
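Review bot: The `confluent-operator` container has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`, so privilege escalation and the default capability set are left to whatever the runtime provides. Because this pod runs under the service account that the ClusterRole in this commit binds cluster-wide, I would drop what it does not need, ideally through a kustomize patch so the rendered chart output stays as generated. Whether the operator tolerates `readOnlyRootFilesystem: true` is not visible from this hunk, so that setting is left out below and would need testing. The image is also referenced by tag (`confluent-operator:0.280.22`) rather than by digest, which leaves the deployed binary dependent on the registry's tag mapping.

```yaml
        name: confluent-operator
        # … unchanged: image, probes, resources, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```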
diff --git a/base/cfk-base/2.1.1/templates/kustomization.yaml b/base/cfk-base/2.1.1/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/cfk-base/2.1.1/templates/licensing.yaml b/base/cfk-base/2.1.1/templates/licensing.yaml
new file mode 100644
index 0000000..d9483fd
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: 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
diff --git a/base/cfk-base/2.1.1/templates/service.yaml b/base/cfk-base/2.1.1/templates/service.yaml
new file mode 100644
index 0000000..d173dbc
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.1.1/templates/serviceaccount.yaml b/base/cfk-base/2.1.1/templates/serviceaccount.yaml
new file mode 100644
index 0000000..c277425
--- /dev/null
+++ b/base/cfk-base/2.1.1/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.280.22
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/crds/crds/kustomization.yaml b/base/cfk-base/2.2.0/crds/kustomization.yaml
similarity index 97%
rename from base/crds/crds/kustomization.yaml
rename to base/cfk-base/2.2.0/crds/kustomization.yaml
index c16b3a7..94cae59 100644
--- a/base/crds/crds/kustomization.yaml
+++ b/base/cfk-base/2.2.0/crds/kustomization.yaml
@@ -1,19 +1,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -metadata: - name: resources: + - platform.confluent.io_clusterlinks.yaml - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connectors.yaml - platform.confluent.io_connects.yaml - platform.confluent.io_controlcenters.yaml - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkarestproxies.yaml - platform.confluent.io_kafkas.yaml - platform.confluent.io_kafkatopics.yaml - platform.confluent.io_ksqldbs.yaml - platform.confluent.io_migrationjobs.yaml - platform.confluent.io_schemaregistries.yaml - - platform.confluent.io_zookeepers.yaml - - platform.confluent.io_clusterlinks.yaml - - platform.confluent.io_connectors.yaml - - platform.confluent.io_kafkarestproxies.yaml - platform.confluent.io_schemas.yaml + - platform.confluent.io_zookeepers.yaml diff --git a/base/crds/crds/platform.confluent.io_clusterlinks.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_clusterlinks.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_clusterlinks.yaml rename to base/cfk-base/2.2.0/crds/platform.confluent.io_clusterlinks.yaml diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..f187dce --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,257 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - jsonPath: .status.principal + name: Principal + type: string + - jsonPath: .status.role + name: Role + type: string + - jsonPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + - jsonPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal + name and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info + associated with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of + ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info + associated with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_connectors.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_connectors.yaml new file mode 100644 index 0000000..672ef73 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_connectors.yaml 
@@ -0,0 +1,353 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connectors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connectors.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connector + listKind: ConnectorList + plural: connectors + shortNames: + - ctr + - connector + singular: connector + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.connectorState + name: ConnectorStatus + type: string + - jsonPath: .status.tasksReady + name: Tasks-Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.connectRestEndpoint + name: ConnectEndpoint + priority: 1 + type: string + - jsonPath: .status.failedTasksCount + name: Tasks-Failed + priority: 1 + type: string + - jsonPath: .status.workerId + name: WorkerId + priority: 1 + type: string + - jsonPath: .status.restartPolicy.type + name: RestartPolicy + priority: 1 + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connector is the Schema for the connectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectorSpec defines the desired state of Connector + properties: + class: + description: ClassName defines the class name for a connector. Connect + cluster displays the supported class names in its status + minLength: 1 + type: string + configs: + additionalProperties: + type: string + description: Configs defines all other configurations for the connector + type: object + connectClusterRef: + description: ConnectClusterRef defines the discovery section to refer + to a CFK managed connect cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + connectRest: + description: ConnectRestRef defines Connect Rest API connection configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + 
for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + name: + description: Name defines the Connector name. If not configured uses + the CR name as connector name + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + restartPolicy: + description: RestartPolicy defines the policy to restart failed tasks + of connector + properties: + maxRetry: + description: MaxRetry defines the max retry times to restart when + restartPolicy type is OnFailure, default value is 10 + format: int32 + minimum: 1 + type: integer + type: + description: Type defines the restart policy type to restart connector + tasks, default value is OnFailure, which means it will restart + automatically when tasks failed if not reach max retry times + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + taskMax: + description: TaskMax defines the max task for a connector, it must + be greater than 0. 
The connector may create fewer tasks if it cannot + achieve this level of parallelism + format: int32 + minimum: 1 + type: integer + required: + - class + - taskMax + type: object + status: + description: ConnectorStatus defines the observed state of Connector + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connectRestEndpoint: + description: ConnectRestEndpoint defines the rest endpoint of connect + cluster + type: string + connectorState: + description: ConnectorState define the actual status of the connector + instance + type: string + failedTasks: + additionalProperties: + description: TaskStatus defines the connector task status + properties: + id: + description: Id defines id of the task + format: int32 + type: integer + retryCount: + description: RetryCount defines the current retried count of + restarting the task when its state is failed + format: int32 + type: integer + workerId: + description: WorkerId defines the workerId for the task + type: string + required: + - id + type: object + description: FailedTasksMap defines the map of connector tasks with + state FAILED. 
Error message of failed tasks logged in operator logs + as INFO, or can be get via making connect rest api calls + type: object + failedTasksCount: + description: FailedTasksCount defines the number of failed tasks + format: int32 + type: integer + kafkaClusterId: + description: KafkaClusterId defines the kafka cluster Id the connector + belongs to + type: string + restartPolicy: + description: RestartPolicy defines the policy to restart failed tasks + of connector + properties: + maxRetry: + description: MaxRetry defines the max retry times to restart when + restartPolicy type is OnFailure, default value is 10 + format: int32 + minimum: 1 + type: integer + type: + description: Type defines the restart policy type to restart connector + tasks, default value is OnFailure, which means it will restart + automatically when tasks failed if not reach max retry times + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + state: + description: State defines the CR state of the connector, it is not + the connector state, which can be PROVISIONING, CREATED, ERROR, + DELETE-REQUESTED, etc + type: string + tasksReady: + description: TaskReady defines the number of running tasks based on + taskMax + type: string + trace: + description: ConnectorTrace defines the error trace message for the + connector instance + type: string + workerId: + description: ConnectorWorkerId defines the workerId for the connector + instance + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..f79819b --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3257 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + build: + description: Build defines the build configurations for connector + plugins + properties: + onDemand: + description: OnDemand defines the build configurations for build + type onDemand + properties: + plugins: + description: ConnectorPlugins defines the install information + of plugins requested to be installed + properties: + confluentHub: + description: ConfluentHub defines the list of ConfluentHubPlugin + getting from the Confluent Hub + items: + description: ConfluentHubPlugin defines the information + to get the plugin from confluent hub + properties: + name: + description: Name defines the name of the connector + plugin + minLength: 1 + type: string + owner: + description: 'Owner defines the individual or organization + provides the plugin, for example: confluentinc' + minLength: 1 + type: string + version: + description: Version defines the version of plugin, + which can be either the version of the component + or the literal `latest` + minLength: 1 + type: string + required: + - name + - owner + - version + type: object + type: array 
+ locationType: + description: LocationType defines location to get the + plugins + enum: + - confluentHub + - url + type: string + url: + description: URL defines the list of URLPlugin getting + from external URL + items: + description: URLConnector defines the information to + get the plugin from URL + properties: + archivePath: + description: ArchivePath defines the archive path + of the plugin + minLength: 1 + pattern: ^https?://.* + type: string + checksum: + description: Checksum defines the sha512sum checksum + of the plugin's remote file, used to verify the + remote file after download + type: string + name: + description: Name defines the connector plugin name + minLength: 1 + type: string + required: + - archivePath + - checksum + - name + type: object + type: array + required: + - locationType + type: object + storageLimit: + anyOf: + - type: integer + - type: string + description: StorageLimit defines the max amount of node volume + can be used to store the connector plugins, default value + is 4G. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - plugins + type: object + type: + description: Type defines the build type for connector plugins, + currently only support onDemand type + enum: + - onDemand + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More + information can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + connectorTLSCerts: + description: ConnectorTLSCerts defines the list of CustomTLSCertificate + injected in connect cluster for connector use. Please check connect + status for the mount path of the certificates. Change will roll + the cluster + items: + description: CustomTLSCertificate defines custom TLS structure for + the child resources(connector, topic, schema, etc) of CP component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: array + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if + different bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses + discovery if that specified + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component 
(dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. 
+ If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if + different bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: 
+ description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. 
Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 
30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. 
The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. 
Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. 
For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as + 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a 
statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connectorPlugins: + items: + description: ConnectorPlugin define the state of connector plugin + properties: + class: + description: ClassName defines the class name of the connector + plugin + type: string + type: + description: Type defines the type of the connector plugin, + which can be SOURCE, SINK or UNKNOWN + type: string + version: + description: Version defines the current version of the connector + plugin + type: string + required: + - class + type: object + type: array + connectorTLSFilePaths: + items: + description: CustomTLSFilePathStatus defines the file paths of custom + TLS certificates + properties: + jksPasswordPath: + description: JksPasswordPath defines the absolute path of the + jksPassword.txt file + type: string + keyStorePath: + description: KeyStorePath defines the absolute path of the truststore + .jks or .p12 file + type: string + trustStorePath: + description: TrustStorePath defines the absolute path of the + truststore .jks or .p12 file + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: 
InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + 
externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..4429f07 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3032 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP + configuration Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs + if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path in + a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will be + only reflected in ControlCenter (C3). This configuration + is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is + ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to + use in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs + if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path in + a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will be + only reflected in ControlCenter (C3). This configuration + is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is + ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for + the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug + logs if true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows + to pass basic credential through directory + path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. 
Changes will + be only reflected in ControlCenter (C3). This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client + side TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. 
+ type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication + support only For other types of authentication use config overrides + capability. + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true + for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s + certificate when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to + send message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent + from Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + required: + - id + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..4c37b62 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,304 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest + API configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - 
basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' 
+ type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestproxies.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestproxies.yaml new file mode 100644 index 0000000..422111d --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkarestproxies.yaml 
@@ -0,0 +1,2672 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestproxies.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestproxies.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestProxy + listKind: KafkaRestProxyList + plural: kafkarestproxies + shortNames: + - kafkarestproxy + - krp + singular: kafkarestproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestProxy is the Schema for the kafkarestproxies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestProxySpec defines the desired state of KafkaRestProxy + properties: + authentication: + description: RestServerAuthentication server authentication support + to the CP Component + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: ClientAuthorization define client side authorization + configuration for CP component. 
+ properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: KafkaRestProxyDependencies defines the dependencies for + KafkaRestProxy + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. 
More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry provides a way to disable global confluent + telemetry setting configure as part of operator deployment. + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: KafkaRestProxyStatus defines the observed state of KafkaRestProxy + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + 
format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkas.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_kafkas.yaml rename to base/cfk-base/2.2.0/crds/platform.confluent.io_kafkas.yaml diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..6936def --- /dev/null 
+++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,264 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.partitionCount + name: Partition + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: ClusterId + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. + minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count. If not configured + then it will be defaulted to whatever kafkarest V3 APIs supports + format: int32 + type: integer + replicas: + description: Replicas defines the replication factor for a topic. 
+ If not configured then it will be defaulted to whatever kafkarest + V3 APIs supports + format: int32 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..e501458 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2697 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when + accessing the ksqlDB rest server. 
+ properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. 
This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, + schemaregistry, mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor + configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication + for the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name + referenced for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component + is running Uses the same namespace where Operator + is running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring + CP component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for + the 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if + true for JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. 
+ Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. 
+ type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + 
tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference + name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + 
type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + serviceId: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..adb0bb7 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,691 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of + Connect after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. 
They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. 
+ It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state + of Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary + metadata. They are not queryable and should be preserved when + modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing + configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing + configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication + controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the "default" + namespace, but "default" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..2797e14 --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2293 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + debug: + description: Debug enables basic auth debug logs if true for + JAAS configuration + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override + server/jvm/log4j properties for each Confluent platform component. + Change will roll the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to + discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if + not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + 
properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + 
endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess 
defines the external access configuration + properties: + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count NodePort service creation will fail + if the node port to be used is not in the range supported + by kubernetes api-server. The default kubernetes NodePort + range is 30000-32762 + format: int32 + minimum: 0 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) For Kafka with nodePort type, it will only + apply to kafka bootstrap service + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'SessionAffinity Supports "ClientIP" and "None". + Used to maintain session affinity. Enable client IP based + session affinity. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of session affinity + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the + OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the + internal resources created by Operator. All the internal annotations + is preserved and forbidden to override. For pod annotations, use + podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal + resources created by Operator. All the internal labels is preserved + and forbidden to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent + platform component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information + about the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the + pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe + configuration The changes will override the existing default + configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has + started before probes are initiated. CP component comes + with right configuration, not required to change most + of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods in a way which abides by the constraints. All + topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry + is enabled in global level. + type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value format + can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster + is running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets + created by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC + is enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines 
current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + selector: + description: Selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using label selector of + the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.0/crds/platform.confluent.io_schemas.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_schemas.yaml new file mode 100644 index 0000000..78950be --- /dev/null +++ b/base/cfk-base/2.2.0/crds/platform.confluent.io_schemas.yaml 
@@ -0,0 +1,400 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Schema + listKind: SchemaList + plural: schemas + shortNames: + - schema + singular: schema + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .status.SchemaRegistryEndpoint + name: schemaregistry + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaSpec defines the desired state of Schema + properties: + data: + description: Data defines the data required to create a schema + properties: + configRef: + description: ConfigRef is the name of the Kubernetes ConfigMap + resource containing the schema + minLength: 1 + type: string + format: + description: Format is the the type of format of the encoded schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + required: + - configRef + - format + type: object + schemaReferences: + description: SchemaReferences defines a list of schema references + in the schema data + items: + description: SchemaReference is a schema to be used as a reference + as part of creating a new schema + properties: + avro: + description: Avro is the data for the referenced avro schema + properties: + avro: + description: Name is the reference name using the fully + qualified schema name + minLength: 1 + type: string + required: + - avro + type: object + format: + description: Format is the the type of format of the referenced + schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: JSON is the data for the referenced json schema + properties: + url: + description: URL is the reference name + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: Protobuf is the data for the referenced protobuf + schema + properties: + file: + description: File is the file name of the references protobuf + schema + minLength: 1 + type: string + required: + - file + type: object + subject: + description: Subject is the name of the subject for the referenced + schema through the configref + minLength: 1 + type: string + version: + description: Version is the the type of version of the referenced + schema + format: int32 + type: integer 
+ required: + - format + - subject + - version + type: object + type: array + schemaRegistryClusterRef: + description: SchemaRegistryClusterRef defines the discovery section + to refer to a CFK managed schemaregistry cluster + properties: + name: + description: Name defines name of the cluster + type: string + namespace: + description: Namespace defines namespace where cluster is running + type: string + required: + - name + type: object + schemaRegistryRest: + description: SchemaRegistryRestApiInfo defines SchemaRegistry Rest + API configuration + properties: + authentication: + description: Authentication defines the Rest API authentication + mechanism + properties: + basic: + description: Basic defines basic authentication for the rest + client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: BearerAuthentication defines bearer authentication + for the rest client + properties: + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Rest API is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines custom TLS structure + for the child resources(connector, topic, schema, etc) of CP + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
+ minLength: 1 + type: string + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + required: + - data + type: object + status: + description: SchemaStatus defines the observed state of Schema + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition + is evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + deletedVersions: + description: DeletedVersions lists the successful hard deleted versions + for the subject of the cr + items: + format: int32 + type: integer + type: array + format: + description: Format defines the format the latest schema for the subject + type: string + id: + description: ID defines the id of the latest schema for the subject + format: int32 + type: integer + schemaReferences: + description: SchemaReferences lists the schema references for the + latest schema for the subhect + items: + description: SchemaReference is a schema to be used as a reference + as part of creating a new schema + properties: + avro: + description: Avro is the data for the referenced avro schema + properties: + avro: + description: Name is the reference name using the fully + qualified schema name + minLength: 1 + type: string + required: + - avro + type: object + format: + description: Format is the the type of format of the referenced + schema + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: JSON is the data for the referenced json schema + properties: + url: + description: URL is the reference name + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: Protobuf is the data for the referenced protobuf + schema + properties: + file: + description: File is the file name of the references protobuf + schema + minLength: 1 + type: string + required: + - file + type: object + subject: + description: Subject is the name of the subject for the referenced + schema through the configref + minLength: 1 + type: string + version: + description: Version is the the type of version of the referenced + schema + format: int32 + type: integer + required: + - format + - subject + - 
version + type: object + type: array + schemaRegistryAuthenticationType: + description: SchemaRegistryAuthenticationType defines the type of + auth used + type: string + schemaRegistryEndpoint: + description: Endpoint defines the SchemaRegistry Rest endpoint + type: string + schemaRegistryTLS: + description: SchemaRegistryTLS defines the whether the schema registry + is using tls + type: boolean + softDeletedVersions: + description: SoftDeletedVersions lists the successful soft deleted + versions for the subject of the cr + items: + format: int32 + type: integer + type: array + state: + description: State defines the state of the Schema CR + type: string + subject: + description: Subject defines the subject of the schema resource + type: string + version: + description: Version defines the version of the latest schema for + the subject + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/crds/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.2.0/crds/platform.confluent.io_zookeepers.yaml similarity index 100% rename from base/crds/crds/platform.confluent.io_zookeepers.yaml rename to base/cfk-base/2.2.0/crds/platform.confluent.io_zookeepers.yaml diff --git a/base/operator/clusterrole.yaml b/base/cfk-base/2.2.0/templates/clusterrole.yaml similarity index 97% rename from base/operator/clusterrole.yaml rename to base/cfk-base/2.2.0/templates/clusterrole.yaml index 3de44e9..570bccb 100644 --- a/base/operator/clusterrole.yaml +++ b/base/cfk-base/2.2.0/templates/clusterrole.yaml 
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
diff --git a/base/operator/clusterrolebinding.yaml b/base/cfk-base/2.2.0/templates/clusterrolebinding.yaml
similarity index 93%
rename from base/operator/clusterrolebinding.yaml
rename to base/cfk-base/2.2.0/templates/clusterrolebinding.yaml
index 853247a..68ca7f8 100644
--- a/base/operator/clusterrolebinding.yaml
+++ b/base/cfk-base/2.2.0/templates/clusterrolebinding.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
diff --git a/base/operator/deployment.yaml b/base/cfk-base/2.2.0/templates/deployment.yaml
similarity index 93%
rename from base/operator/deployment.yaml
rename to base/cfk-base/2.2.0/templates/deployment.yaml
index 178c93a..59c929a 100644
--- a/base/operator/deployment.yaml
+++ b/base/cfk-base/2.2.0/templates/deployment.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
@@ -18,7 +18,7 @@ spec:
 selector:
 matchLabels:
 app.kubernetes.io/name: "confluent-operator"
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 strategy:
 rollingUpdate:
 maxSurge: 1
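Review bot: The `@@ -18,7 +18,7 @@` hunk of deployment.yaml changes `spec.selector.matchLabels`, and a Deployment's selector is immutable once the object exists, so applying this base over an operator that was created with `app.kubernetes.io/instance: RELEASE-NAME` will be rejected instead of updated. The upgrade path needs a documented delete-and-recreate of the operator Deployment, for example a comment above the selector such as `# selector label changed from RELEASE-NAME; delete the existing Deployment before applying`. The pod-template labels changed in the following `@@ -33,7 +33,7 @@` hunk have to stay in step with this selector. The rest of the Deployment spec is outside the hunk, so this assumes the resource name is unchanged by the move.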
@@ -33,7 +33,7 @@ spec:
 labels:
 app: "confluent-operator"
 app.kubernetes.io/name: "confluent-operator"
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 confluent-platform: "true"
 version: 0.304.2
 spec:
diff --git a/base/cfk-base/2.2.0/templates/kustomization.yaml b/base/cfk-base/2.2.0/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.2.0/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/operator/licensing.yaml b/base/cfk-base/2.2.0/templates/licensing.yaml
similarity index 95%
rename from base/operator/licensing.yaml
rename to base/cfk-base/2.2.0/templates/licensing.yaml
index ba8751b..dca3806 100644
--- a/base/operator/licensing.yaml
+++ b/base/cfk-base/2.2.0/templates/licensing.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
diff --git a/base/operator/service.yaml b/base/cfk-base/2.2.0/templates/service.yaml
similarity index 93%
rename from base/operator/service.yaml
rename to base/cfk-base/2.2.0/templates/service.yaml
index eef7eb0..bdc6589 100644
--- a/base/operator/service.yaml
+++ b/base/cfk-base/2.2.0/templates/service.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
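Review bot: `base/cfk-base/2.2.0/templates/kustomization.yaml` carries no record of where its six listed manifests come from; the `helm.sh/chart: confluent-for-kubernetes-0.304.2` and `app.kubernetes.io/managed-by: Helm` labels in the sibling hunks suggest rendered chart output, but a reader of this file alone cannot tell. Because the base pulls in what are, by their file names, cluster-scoped RBAC objects (`clusterrole.yaml`, `clusterrolebinding.yaml`), a header comment would keep the provenance auditable when the version directory is bumped: `# Rendered from Helm chart confluent-for-kubernetes-0.304.2; regenerate rather than edit by hand.` The same kind of comment would fit the 2.2.1 `crds/kustomization.yaml` added later in this diff.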
diff --git a/base/operator/serviceaccount.yaml b/base/cfk-base/2.2.0/templates/serviceaccount.yaml
similarity index 91%
rename from base/operator/serviceaccount.yaml
rename to base/cfk-base/2.2.0/templates/serviceaccount.yaml
index 2431e23..b292e65 100644
--- a/base/operator/serviceaccount.yaml
+++ b/base/cfk-base/2.2.0/templates/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
 labels:
 app: confluent-for-kubernetes
 app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/instance: release-name
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
 helm.sh/chart: confluent-for-kubernetes-0.304.2
diff --git a/base/cfk-base/2.2.1/crds/kustomization.yaml b/base/cfk-base/2.2.1/crds/kustomization.yaml
new file mode 100644
index 0000000..94cae59
--- /dev/null
+++ b/base/cfk-base/2.2.1/crds/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_clusterlinks.yaml
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connectors.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkarestproxies.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_schemas.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_clusterlinks.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_clusterlinks.yaml
new file mode 100644
index 0000000..09ce817
--- /dev/null
+++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_clusterlinks.yaml
@@ -0,0 +1,365 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_clusterlinks.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusterlinks.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ClusterLink + listKind: ClusterLinkList + plural: clusterlinks + shortNames: + - cl + - clusterlink + - clink + singular: clusterlink + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterLinkID + name: ID + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.destinationKafkaClusterID + name: DestClusterID + type: string + - jsonPath: .status.sourceKafkaClusterID + name: SrcClusterID + type: string + - jsonPath: .status.numMirrorTopics + name: MirrorTopicCount + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterLink is the schema for the ClusterLink API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the cluster link. 
+ properties: + configs: + additionalProperties: + type: string + description: 'configs specify additional configurations for the cluster + link. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/configs.html' + type: object + consumerGroupFilters: + description: consumerGroupFilters specify a list of consumer groups + to be migrated from the source cluster to the destination cluster. + items: + description: ConsumerGroupFilter specifies a list of consumer groups + to be migrated from the source cluster to the destination cluster. + properties: + filterType: + description: filterType specifies the filter type. Valid options + are `INCLUDE` and `EXCLUDE`. + enum: + - INCLUDE + - EXCLUDE + type: string + name: + description: name is the resource name associated with this + filter. + type: string + patternType: + description: patternType is the pattern of the resource. Valid + options are `PREFIXED` and `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + required: + - filterType + - name + - patternType + type: object + type: array + destinationKafkaCluster: + description: destinationKafkaCluster specifies the destination Kafka + cluster and its REST API configuration. The cluster link is set + up in the destination cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass application + resource. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + required: + - kafkaRestClassRef + type: object + mirrorTopics: + description: mirrorTopics specify the mirror topics under this cluster + link. + items: + description: MirrorTopic defines the mirror topic configuration. 
+ properties: + ' configs': + additionalProperties: + type: string + description: configs define any additional configuration or + configuration overrides for the mirror topic. + type: object + name: + description: name is the mirror topic name. A topic with the + exact same name must exist on the source cluster, and no topic + with this name should exist on the destination cluster. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + state: + description: state specifies the desired state for this mirror + topic. Valid options are `ACTIVE`, `FAILOVER`, `PAUSE`, and + `PROMOTE`. The default value is `ACTIVE`. + enum: + - PAUSE + - PROMOTE + - FAILOVER + - ACTIVE + type: string + required: + - name + type: object + type: array + sourceKafkaCluster: + description: sourceKafkaCluster specifies the source Kafka cluster + and its REST API configuration. + properties: + authentication: + description: authentication specifies the authentication for the + source Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side JaaS + configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way to + provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are + mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the bootstrap endpoint + for the source Kafka cluster. + minLength: 1 + pattern: .+:[0-9]+ + type: string + clusterID: + description: clusterID specifies the id of the source Kafka cluster. + If clusterID is defined for the source Kafka cluster, it takes + precedence over using the REST API for getting the cluster ID. + minLength: 1 + type: string + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass application + resource which defines the Kafka REST API connection information. + This is optional if the `clusterID` is set. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + tls: + description: tls specifies the client-side TLS configuration for + the source Kafka cluster. + properties: + enabled: + description: enabled specifies whether to enable the TLS configuration + for the cluster link. The default value is `false`. + type: boolean + keyPassword: + description: keyPassword references the secret containing + the SSL key password if the private key passed in the secretRef + above is encrypted. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - bootstrapEndpoint + type: object + required: + - destinationKafkaCluster + - sourceKafkaCluster + type: object + status: + description: status defines the observed state of the cluster link. + properties: + clusterLinkID: + description: clusterLinkID is the id of the cluster link. + type: string + clusterLinkName: + description: clusterLinkName is the name of the cluster link. + type: string + conditions: + description: conditions are the latest available observations of the + cluster link's state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. 
+ type: string + type: object + type: array + destinationKafkaClusterID: + description: destinationKafkaClusterID is the ID of the destination + Kafka cluster. + type: string + kafkaCluster: + description: 'kafkaCluster is the Kafka cluster this cluster link + belongs to. The format is: `/`' + type: string + mirrorTopics: + additionalProperties: + type: string + description: mirrorTopics are all the mirror topics for the cluster + link along with their status. + type: object + numMirrorTopics: + description: numMirrorTopics is the number of mirror topics for the + cluster link. + type: integer + sourceKafkaClusterID: + description: sourceKafkaClusterID is the ID of the source Kafka cluster. + type: string + state: + description: state is the current state of the cluster link. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..ad59f79 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,284 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - jsonPath: .status.principal + name: Principal + type: string + - jsonPath: .status.role + name: Role + type: string + - jsonPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + - jsonPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfluentRolebinding is the schema for the ConfluentRolebinding + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the ConfluentRolebinding. + properties: + clustersScopeByIds: + description: clustersScopeByIds specify the scope of the Confluent + component cluster(s) via cluster id(s). + properties: + connectClusterId: + description: connectClusterId specifies the Connect cluster id. + minLength: 1 + type: string + kafkaClusterId: + description: kafkaClusterId specifies the id of the Kafka cluster + id. + minLength: 1 + type: string + ksqlClusterId: + description: ksqlClusterId specifies the ksqlDB cluster id. + minLength: 1 + type: string + schemaRegistryClusterId: + description: schemaRegistryClusterId specifies the Schema Registry + cluster id. + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: clustersScopeByRegistryName specifies the unique cluster + name you registered in the cluster registry. + minLength: 1 + type: string + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass that + defines the Kafka REST API connection information. + properties: + name: + description: name specifies the name of the KafkaRestClass application + resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + principal: + description: RolebindingPrincipal defines the principal(user/group) + the rolebinding belongs to. + properties: + name: + description: name specifies the name of the principal. + minLength: 1 + type: string + type: + description: type specifies the type of the principal. Valid options + are `user` and `group`. 
+ enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: resourcePatterns specify the qualified resources associated + with this rolebinding. + items: + description: ResourcePattern specifies the qualified resource info + associated with this rolebinding. + properties: + name: + description: name specifies the name of the resource associated + with this rolebinding. + minLength: 1 + type: string + patternType: + description: patternType specifies the pattern of the resource. + Valid options are `PREFIXED` or `LITERAL`. The default value + is `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: resourceType refers to the type of the resource. + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: role specifies the name of the role. + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: status is the observed state of the ConfluentRolebinding. + properties: + clusterRegistryName: + description: clusterRegistryName is the cluster registry name the + rolebinding associated with. + type: string + conditions: + description: conditions are the latest available observations of the + rolebinding's state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. 
+ type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + kafkaCluster: + description: 'kafkaCluster is the Kafka cluster the rolebinding belongs + to. The format is: `/`.' + type: string + kafkaClusterId: + description: kafkaClusterId is the id of the Kafka cluster. + type: string + kafkaRestClass: + description: 'kafkaRestClass is the kafkaRestClass this rolebinding + uses. The format is: `/`.' + type: string + mdsEndpoint: + description: mdsEndpoint is the MDS endpoint. + type: string + principal: + description: 'principal is the principal the rolebinding belongs to. + The format is: `:`.' + type: string + resourcePatterns: + description: resourcePatterns are the resource patterns this rolebinding + is associated with. + items: + description: ResourcePattern specifies the qualified resource info + associated with this rolebinding. + properties: + name: + description: name specifies the name of the resource associated + with this rolebinding. + minLength: 1 + type: string + patternType: + description: patternType specifies the pattern of the resource. + Valid options are `PREFIXED` or `LITERAL`. The default value + is `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: resourceType refers to the type of the resource. + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: role is the role this rolebinding is associated with. + type: string + state: + description: state is the state of this rolebinding. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_connectors.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_connectors.yaml
new file mode 100644
index 0000000..b2f3f55
--- /dev/null
+++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_connectors.yaml
@@ -0,0 +1,361 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connectors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connectors.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connector + listKind: ConnectorList + plural: connectors + shortNames: + - ctr + - connector + singular: connector + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.connectorState + name: ConnectorStatus + type: string + - jsonPath: .status.tasksReady + name: Tasks-Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.connectRestEndpoint + name: ConnectEndpoint + priority: 1 + type: string + - jsonPath: .status.failedTasksCount + name: Tasks-Failed + priority: 1 + type: string + - jsonPath: .status.workerId + name: WorkerId + priority: 1 + type: string + - jsonPath: .status.restartPolicy.type + name: RestartPolicy + priority: 1 + type: string + - jsonPath: .status.kafkaClusterId + name: KafkaClusterId + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connector is the schema for the Connector API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Connector. + properties: + class: + description: class specifies the class name of the connector. The + Connect cluster displays the supported class names in its status. + minLength: 1 + type: string + configs: + additionalProperties: + type: string + description: configs specify the additional configurations for the + connector. + type: object + connectClusterRef: + description: connectClusterRef references the CFK managed Connect + cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + connectRest: + description: connectRest specifies the Connect REST API connection + configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. 
+ enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + name: + description: name specifies the connector name. If not configured, + the Connector CR name is used as the connector name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + restartPolicy: + description: restartPolicy specifies the policy to restart failed + tasks of the connector. + properties: + maxRetry: + description: maxRetry specifies the max number of tries to restart + failed tasks when the `restartPolicy` type is `OnFailure`. The + default value is `10`. 
+ format: int32 + minimum: 1 + type: integer + type: + description: type specifies the policy type to restart connector + tasks. Valid options are `OnFailure` and `Never`. Default value + is `OnFailure`, which means it will restart automatically when + a task fails if the `maxRetry` value is not reached. + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + taskMax: + description: taskMax specifies the maximum number of tasks for the + connector. It must be greater than 0. The connector may create fewer + tasks if it cannot achieve this level of parallelism. + format: int32 + minimum: 1 + type: integer + required: + - class + - taskMax + type: object + status: + description: status defines the observed state of the Connector. + properties: + conditions: + description: conditions are the latest available observations of the + connector state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connectRestEndpoint: + description: connectRestEndpoint is the REST endpoint of the Connect + cluster. + type: string + connectorState: + description: connectorState is the status of the connector instance. 
+ type: string + failedTasks: + additionalProperties: + description: TaskStatus defines the connector task status. + properties: + id: + description: Id is the id of the task. + format: int32 + type: integer + retryCount: + description: retryCount is the number of retry attempts to restart + the failed task. + format: int32 + type: integer + workerId: + description: workerId is the workerId for the task. + type: string + required: + - id + type: object + description: failedTasks is the map of connector tasks in the `FAILED` + state. Error messages of failed tasks are logged in the CFK logs + as `INFO`. You can also get the error message via Connect REST API + calls. + type: object + failedTasksCount: + description: failedTasksCount is the number of failed tasks. + format: int32 + type: integer + kafkaClusterId: + description: kafkaClusterId is the Kafka cluster id the connector + belongs to. + type: string + restartPolicy: + description: restartPolicy is the policy to restart failed tasks of + the connector. + properties: + maxRetry: + description: maxRetry specifies the max number of tries to restart + failed tasks when the `restartPolicy` type is `OnFailure`. The + default value is `10`. + format: int32 + minimum: 1 + type: integer + type: + description: type specifies the policy type to restart connector + tasks. Valid options are `OnFailure` and `Never`. Default value + is `OnFailure`, which means it will restart automatically when + a task fails if the `maxRetry` value is not reached. + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + state: + description: state is the custom resource state of the connector. + This is not the connector state, which can be `CREATED`, `ERROR`, + etc. + type: string + tasksReady: + description: 'tasksReady is the number of running tasks based on `taskMax`. 
+ The value is in the following format: `/`' + type: string + trace: + description: trace is the error trace message for the connector instance. + type: string + workerId: + description: workerId is the workerId of the connector instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..d5cd5cd --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3332 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connect is the schema for the Connect API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Connect cluster. + properties: + authentication: + description: authentication specifies authentication configuration. 
+ properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configuration. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. 
+ type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + build: + description: build defines the build configurations for connector + plugins. + properties: + onDemand: + description: OnDemand defines the build configurations for the + `onDemand` build type. + properties: + plugins: + description: plugins define the installation information for + connector plugins. + properties: + confluentHub: + description: confluentHub contains a list of connector + plugins you get from Confluent Hub. + items: + description: ConfluentHubPlugin contains the required + information to get the connector plugin from Confluent + Hub. + properties: + name: + description: name specifies the name of the connector + plugin. + minLength: 1 + type: string + owner: + description: owner specifies the individual or organization + that provides the connector plugin, for example, + `confluentinc`. + minLength: 1 + type: string + version: + description: version specifies the version of the + connector plugin, which can be either the version + of the plugin or the literal `latest`. + minLength: 1 + type: string + required: + - name + - owner + - version + type: object + type: array + locationType: + description: locationType specifies where to get connector + plugins. Valid options are `confluentHub` and `url`. + enum: + - confluentHub + - url + type: string + url: + description: url contains a list of URL plugins you get + from external URLs. + items: + description: URLPlugin defines the information to get + the connector plugin from an external URL. + properties: + archivePath: + description: archivePath specifies the archive path + of the connector plugin. + minLength: 1 + pattern: ^https?://.* + type: string + checksum: + description: checksum defines the sha512sum checksum + of the connector plugin's remote file. 
It is used + to verify the remote file after it is downloaded. + type: string + name: + description: name specifies the connector plugin + name. + minLength: 1 + type: string + required: + - archivePath + - checksum + - name + type: object + type: array + required: + - locationType + type: object + storageLimit: + anyOf: + - type: integer + - type: string + description: storageLimit specifies the max amount of node + volume that can be used to store connector plugins. The + default value is `4G`. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - plugins + type: object + type: + description: type specifies the build type for connector plugins. + Currently only the `onDemand` type is supported. + enum: + - onDemand + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Connect cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: 'connectorOverridePolicy allows the policy to permit + per-connector override configuration for producer/consumer/admin + prefix. 
More info: https://docs.confluent.io/platform/current/connect/security.html#separate-principals' + enum: + - All + - Principal + type: string + connectorTLSCerts: + description: connectorTLSCerts are the custom TLS certificates injected + into the Connect cluster for connectors to use. Check the Connect + status for the mount path of the certificates. A change will roll + the cluster. + items: + description: CustomTLSCertificate defines the custom TLS structure + for the application resources (connector, topic, schema, etc.) + of the Confluent Platform component. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value format: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: array + dependencies: + description: ConnectDependencies contains the dependencies the Connect + requires or can enable. + properties: + admin: + description: admin contains the security configuration to connect + to the admin client. 
If `bootstrapEndpoint` is not configured, + the security is configured based on the Kafka dependency configuration. + Configure this property if different bootstrap endpoint is required + for the admin client. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. 
+ properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: consumer contains the security configuration to connect + to the Kafka cluster. It is used for sink connectors. If `bootstrapEndpoint` + is not configured, the security is configured based on the Kafka + dependency configuration. Configure this property if different + bootstrap endpoint is required for the consumer. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. 
Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: interceptor contains the dependency configuration + for the monitoring interceptor. + properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. + type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. 
`truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka contains the Connect dependency for connecting + to Kafka. The discovery method is used if this is not specified. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds contains the configuration for MDS dependency + when RBAC is enabled. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. 
+ properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: producer contains the security configuration to connect + to the Kafka cluster. It is used for source connectors. If `bootstrapEndpoint` + is not configured, the security is configured based on the Kafka + dependency configuration. Configure this property if different + bootstrap endpoint of security is required for the producer. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: schemaRegistry contains the dependency configuration + for the Schema Registry cluster. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. 
+ properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: enableSchemas indicates whether to enable scheme or not. + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + the non-Kafka component clusters. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations for + the load balancer service. + type: object + domain: + description: domain is the domain name of the component cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. 
+ properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. 
`ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the route services. + type: object + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. 
+ enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + internalTopicReplicationFactor: + description: ' internalTopicReplicationFactor specifies the replication + factor for the internal topics. The default value is `3`.' 
+ format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + keyConverterType: + description: keyConverterType specifies the supported key converters + package for the Confluent Platform. For the supported converter + types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters. + The default value is `org.apache.kafka.connect.json.JsonConverter`. + minLength: 1 + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. 
+ properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. 
+ type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' 
+ type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. 
+ If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. 
The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. 
+ format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
+ Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. 
Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the global-level TLS configuration. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: valueConverterType specifies the supported value converters + package for the Confluent Platform. For the supported converter + types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters. + The default value is `org.apache.kafka.connect.json.JsonConverter`. + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the Connect cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. 
+ type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connectorPlugins: + description: connectorPlugins are the installed connector plugins. + items: + description: ConnectorPluginStatus defines the state of the connector + plugin. + properties: + class: + description: class specifies the class name of the connector + plugin. + type: string + type: + description: type is the connector plugin type, which can be + `SOURCE`, `SINK` or `UNKNOWN`. + type: string + version: + description: version is the current version of the connector + plugin. + type: string + required: + - class + type: object + type: array + connectorTLSFilePaths: + description: connectorTLSFilePaths are the connector TLS file paths. 
+ items: + description: CustomTLSFilePathStatus specifies the file paths of + the custom TLS certificates. + properties: + jksPasswordPath: + description: jksPasswordPath contains the absolute path of the + `jksPassword.txt` file. + type: string + keyStorePath: + description: keyStorePath contains the absolute path of the + keystore file, `.jks` or `.p12`. + type: string + trustStorePath: + description: trustStorePath contains the absolute path of the + truststore file, `.jks` or `.p12`. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + groupId: + description: groupId is the group id of the Connect cluster. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Connect + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterId: + description: clusterId specifies the id of the cluster. 
+ type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST configuration of the Connect cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_controlcenters.yaml
new file mode 100644
index 0000000..6b10e4f
--- /dev/null
+++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_controlcenters.yaml
@@ -0,0 +1,3105 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ControlCenter is the schema for the Control Center API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Control Center cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: ldap specifies the configuration for Control Center + LDAP authentication. + properties: + debug: + description: debug enables basic authentication debug logs + for JaaS configuration. + type: boolean + property: + additionalProperties: + type: string + description: property specifies the LDAP configuration. Use + a secret object to pass username/password. + type: object + restrictedRoles: + description: restrictedRoles specify the restricted access + roles. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: 'secretRef references the secret to pass required + credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#ldap-authentication-for-c3' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication type of the Control + Center. Valid options are `basic`, `ldap`, and `mtls`. + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configurations. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Control Center. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. 
This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data size for the persistent + volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specify the dependencies configurations. + properties: + connect: + description: connect defines the Connect worker dependency configurations. + items: + description: ControlCenterConnectDependency defines the Connect + dependency settings. + properties: + authentication: + description: authentication specifies the authentication + configuration for the Connect cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to + pass the basic credential through a directory + path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be + only reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name specifies the Connect cluster name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls specifies the client-side TLS setting for + the Connect cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Connect + cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: kafka defines the Kafka dependency configurations. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: ksqldb defines the ksqlDB dependency configurations. + items: + description: ControlCenterKSQLDependency defines the ksqlDB + dependency settings. + properties: + advertisedUrl: + description: advertisedUrl specifies the advertised URL + to use in the browser. + minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: authentication specifies the authentication + for the ksqlDB cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to + pass the basic credential through a directory + path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be + only reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. 
+ items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name specifies the ksqlDB cluster name. + minLength: 1 + type: string + tls: + description: tls specifies the client-side TLS setting for + the ksqlDB cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the ksqlDB + cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: mds defines the RBAC dependency configurations. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry defines the Schema Registry dependency + configurations. 
+ properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + defines the Schema Registry dependency List. + properties: + authentication: + description: authentication specifies the authentication + for the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for + basic authentication. 
+ properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows + to pass the basic credential through a directory + path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will + be only reflected in Control Center. This + configuration is ignored on the client side + configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the + server side only. This configuration is ignored + on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name defines the Schema Registry cluster + name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls defines the client-side TLS setting + for the Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS + configuration for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the + Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name + of the secret containing the JKS password. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the external access configuration + for the Control Center cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations for + the load balancer service. + type: object + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. 
+ enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. 
More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' 
+ enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the route services. + type: object + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: id specifies the prefix used for this instance of Control + Center when multiple instances of Control Center co-exist. 
+ format: int32 + type: integer + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + internalTopicReplicatorFactor: + description: internalTopicReplicationFactor specifies the replication + factor for internal topics. + format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. 
The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: mail specifies the settings that control the SMTP server + and account used when an alert triggers an email action. + properties: + authentication: + description: authentication specifies the authentication for SMTP. + SMP only supports basic authentication. For other types of authentication, + use the config overrides capability. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. 
This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for + the REST API client. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: checkServerIdentity forces validation of server’s + certificate when using STARTTLS or SSL. + type: boolean + hostname: + description: hostname is the hostname of the outgoing SMTP server. + minLength: 1 + type: string + mailBounceAddress: + description: mailBounceAddress is the override for the `mailFrom` + config to send message. + minLength: 1 + type: string + mailFrom: + description: mailFrom is the originating address for emails sent + from the Control Center. + minLength: 1 + type: string + port: + description: port is the SMTP port open on the hostname. + format: int32 + type: integer + startTLSRequired: + description: startTLSRequired forces using STARTTLS. + type: boolean + required: + - hostname + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. 
+ enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: monitoringKafkaClusters specify the configurations for + the Kafka clusters that this Control Center monitors. + items: + description: MonitoringKafkaClusters defines the configuration of + the additional Kafka clusters the Control Center monitors. + properties: + authentication: + description: authentication defines the authentication for the + Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform component + is running. The defauls value is the namespace where CFK + is running. + type: string + secretRef: + description: secretRef is the name of the secret used to + discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: name defines the Kafka cluster name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to + ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. 
This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: name is the Control Center cluster name. + type: string + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' 
+ type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. 
Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. 
For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. 
+ format: int32 + type: integer + storageClass: + description: storageClass references the user-provided storage class. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. 
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of the Control Center cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + controlCenterName: + description: name is the name of the Control Center cluster. + type: string + currentReplicas: + description: currentReplicas is the number of currently running replicas. 
+ format: int32 + type: integer + id: + description: id is the identifier of the Control Center cluster. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Control + Center cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterId: + description: clusterId specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the Control + Center cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. 
+ items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + required: + - id + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..3507e27 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,311 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestClass is the schema for the Kafka REST API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaRestClass. + properties: + kafkaClusterRef: + description: kafkaClusterRef specifies the name of the Kafka cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. 
+ type: string + required: + - name + type: object + kafkaRest: + description: kafkaRest specifies the Kafka REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + secondaryKafkaClusterRef: + description: secondaryKafkaClusterRef specifies the name of the secondary + Kafka cluster when using centralized RBAC. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + secondaryKafkaRest: + description: secondaryKafkaRest specifies the secondary Kafka REST + API configuration when using centralized RBAC. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + status: + description: status defines the observed state of the KafkaRestClass. + properties: + conditions: + description: conditions are the latest available observed state of + the kafkaRestClass. 
+ items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + endpoint: + description: endpoint specifies the Kafka REST API / MDS endpoint. + type: string + kafkaClusterId: + description: kafkaClusterId specifies the id of the Kafka cluster. + If using centralized RBAC and kafkaRestClass is for the secondary + Kafka cluster, it will be the cluster id of the secondary Kafka + cluster. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestproxies.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestproxies.yaml new file mode 100644 index 0000000..32882e6 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkarestproxies.yaml 
@@ -0,0 +1,2724 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestproxies.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestproxies.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestProxy + listKind: KafkaRestProxyList + plural: kafkarestproxies + shortNames: + - kafkarestproxy + - krp + singular: kafkarestproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestProxy is the schema for the Kafka REST Proxy API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaRestProxy cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations + for the KafkaRestProxy cluster. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the RBAC configuration for the + KafkaRestProxy cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. 
+ minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the KafkaRestProxy cluster. A + change will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: dependencies specifies the dependency configurations + for Kafka, Interceptor, Schema Registry, and the MDS. + properties: + interceptor: + description: interceptor specifies the interceptor dependency + configuration. + properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. 
+ properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. 
+ type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. 
+ type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. 
+ properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configuration. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the Schema Registry dependency + configuration. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the external access configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. 
+ properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations for + the load balancer service. + type: object + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. 
+ properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the route services. + type: object + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. 
+ enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. 
For pod labels, use `podTemplate.labels`. + type: object + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. 
Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. 
+ Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. 
+ items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. 
+ The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. 
+ format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. 
- + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the KafkaRestProxy + cluster. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the KafkaRestProxy cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the KafkaRestProxy + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + metricPrefix: + description: metricPrefix is the prefix for the JMX metric of the + KafkaRestProxy. + type: string + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. 
+ properties: + clusterId: + description: clusterId specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the KafkaRestProxy. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkas.yaml
new file mode 100644
index 0000000..f0c878c
--- /dev/null
+++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkas.yaml
@@ -0,0 +1,4575 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Kafka is the schema for the Kafka API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Kafka cluster. + properties: + authorization: + description: authorization specifies the authorization configuration. 
+ properties: + superUsers: + description: superUsers specify the super users to give the admin + privilege on the Kafka Cluster. This list takes the format as + `User:` + items: + type: string + type: array + type: + description: type specifies the authorization type. The valid + options are `rbac` and `simple`. + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Kafka cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the persistent volume capacity + for the Kafka cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specify the Kafka dependencies, such as + Zookeeper and centralized MDS. + properties: + kafkaRest: + description: kafkaRest provides the REST client configuration + for the MDS when RBAC is enabled. + properties: + authentication: + description: authentication specifies the authentication for + the Kafka REST API. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies where the Confluent Kafka + REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the client-side TLS configuration + to connect to the Kafka REST API. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the dependency configuration for the + primary MDS. + properties: + endpoint: + description: endpoint defines the primary Kafka cluster boostrap + endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: kafka specifies the dependency configuration + for Kafka cluster. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: tls specifies the TLS configuration for the primary + MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token key pair for + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the dependency configuration + for the Schema Registry cluster. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. 
+ properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: zookeeper specifies the dependency configuration + for Zookeeper. + properties: + authentication: + description: authentication specifies the client side authentication + configuration of Zookeeper for Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + discovery: + description: discovery specifies the capability to discover + the Zookeeper cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: endpoint specifies the Zookeeper endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: tls specifies the TLS configuration of Zookeeper + for Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. 
+ More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: listeners specify the listeners configurations. + properties: + custom: + description: custom defines the list of KafkaCustomListener. 
+ items: + description: KafkaCustomListener defines the Kafka custom listener. + properties: + authentication: + description: authentication specifies the authentication + configuration for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, and `mtls`. + enum: + - plain + - digest + - mtls + type: string + required: + - type + type: object + externalAccess: + description: externalAccess defines the external access + configuration for the Kafka cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create Kubernetes load balancer services. 
+ properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations + for the load balancer service. + type: object + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The + default value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will + be added as `brokerPrefix.domain`. The default + value is `b`, such as `b#.domain` where `#` starts + from `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the + external traffic policy for the service. Valid + options are `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. 
When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' 
+ enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to + create Kubernetes node port services. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the + external traffic policy for the service. Valid + options are `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go + in ascending order with respect to the replicas + count. NodePort service creation fails if the + node port is not in the range supported by the + Kubernetes API server. The default Kubernetes + Node Port range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided + service port(s). For Kafka with the nodePort type, + this setting is only applied to Kafka bootstrap + service. + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. 
This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the + system. If specified, it will be allocated + to the service if unused or else creation + of the service will fail. Default is to + auto-allocate a port if the ServiceType + of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. 
More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + route services in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the route services. + type: object + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The + default value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will + be added as `brokerPrefix.domain`. The default + value is `b`, such as `b#.domain` where `#` starts + from `0` to the replicas count. 
+ minLength: 1 + type: string + domain: + description: domain specifies the domain name of + the Confluent component cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define + a route that covers all hosts within a domain. + Valid options are `Subdomain` and `None`. The + default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: staticForHostBasedRouting enables external + access by doing host based routing through the SNI + capability. With this schema, CFK only configures + Kafka advertised listeners, and no Kubernetes external + service is created. + properties: + brokerPrefix: + description: brokerPrefix specifies the prefix for + the broker advertised endpoints and are added + as `brokerPrefix.domain`. If not configured, it + will add `b` as a prefix, such as `b#.domain` + where `#` will start from `0` to the replicas + count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name for + the Kafka cluster. + minLength: 1 + type: string + port: + description: port specifies the port to be used + in the advertised listener for a broker. + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: staticForPortBasedRouting enables external + access by port routing. With this schema, CFK only + configures Kafka advertised listeners, and no Kubernetes + external service is created. + properties: + host: + description: host defines the host name to be used + in the advertised listener for a broker. + minLength: 1 + type: string + portOffset: + description: portOffset specifies the starting port + number. The port numbers go in ascending order + with respect to the replicas count. 
+ format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: type specifies the Kubernetes service for + external access. Valid options are `loadBalancer`, + `nodePort`, `route`, `staticForPortBasedRouting`, + and `staticForHostBasedRouting`. + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: name specifies the name of the custom listener. + `internal`, `external`, and `token` are reserved by CFK + and can't be used for this property. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: port binds the given port to the custom listener. + Port numbers lower than `9093` are reserved by CFK. + format: int32 + minimum: 9093 + type: integer + tls: + description: tls specifies the TLS configuration for the + listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: external specifies the Kafka external listener. + properties: + authentication: + description: authentication specifies the authentication configuration + for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, and `mtls`. + enum: + - plain + - digest + - mtls + type: string + required: + - type + type: object + externalAccess: + description: externalAccess defines the external access configuration + for the Kafka cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create Kubernetes load balancer services. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations + for the load balancer service. + type: object + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The default + value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will be + added as `brokerPrefix.domain`. The default value + is `b`, such as `b#.domain` where `#` starts from + `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + servicePorts: + description: servicePorts specify the user-provided + service port(s). 
+ items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + Kubernetes node port services. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. 
The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. 
+ Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + route services in OpenShift. 
+ properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the route services. + type: object + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The default + value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will be + added as `brokerPrefix.domain`. The default value + is `b`, such as `b#.domain` where `#` starts from + `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name of the + Confluent component cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: staticForHostBasedRouting enables external + access by doing host based routing through the SNI capability. + With this schema, CFK only configures Kafka advertised + listeners, and no Kubernetes external service is created. + properties: + brokerPrefix: + description: brokerPrefix specifies the prefix for + the broker advertised endpoints and are added as + `brokerPrefix.domain`. If not configured, it will + add `b` as a prefix, such as `b#.domain` where `#` + will start from `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name for + the Kafka cluster. + minLength: 1 + type: string + port: + description: port specifies the port to be used in + the advertised listener for a broker. 
+ format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: staticForPortBasedRouting enables external + access by port routing. With this schema, CFK only configures + Kafka advertised listeners, and no Kubernetes external + service is created. + properties: + host: + description: host defines the host name to be used + in the advertised listener for a broker. + minLength: 1 + type: string + portOffset: + description: portOffset specifies the starting port + number. The port numbers go in ascending order with + respect to the replicas count. + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: type specifies the Kubernetes service for + external access. Valid options are `loadBalancer`, `nodePort`, + `route`, `staticForPortBasedRouting`, and `staticForHostBasedRouting`. + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration for the listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: internal specifies the internal listener. + properties: + authentication: + description: authentication specifies the authentication configuration + for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, and `mtls`. + enum: + - plain + - digest + - mtls + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration for the listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + metricReporter: + description: metricsReporter specifies the configuration of the metric + reporter. The metric reporter is enabled by default. If authentication + and TLS are not set, the metrics reporter uses internal listener's + authentication and TLS . + properties: + authentication: + description: authentication specifies the Kafka client-side authentication + configuration. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side JaaS + configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way to + provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are + mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + enabled: + description: enabled specifies whether to enable or disable the + metric reporter. + type: boolean + replicationFactor: + description: replicationFactor specifies the number of replicas + in the metric topic. + format: int32 + type: integer + tls: + description: tls specifies the Kafka client-side TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' 
+ type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. 
Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. 
For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: rackAssignment specifies the rack awareness capability + of the Kafka cluster. 
+ properties: + availabilityZoneCount: + description: availabilityZoneCount configures `broker.rack` with + the formula (`pod_id % azCount`). This is mainly for backwards + compatibility with Operator 1.x. + format: int32 + type: integer + nodeLabels: + description: nodeLabels use the Kubernetes node API to retrieve + the label values to be used in `broker.rack`. This feature requires + CFK to run with the cluster-level access. + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + services: + description: services specify the supported Kafka services. + properties: + kafkaRest: + description: kafkaRest specifies the embedded REST API server + configuration. + properties: + authentication: + description: authentication specifies the REST API server + authentication configuration. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. 
+ items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API server. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: externalAccess specifies the external access + configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations + for the load balancer service. + type: object + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for + the client consumption. If not configured, the same + internal/external port is configured for the component. + Information about the port can be retrieved through + the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given + domain. The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information on + service's port. 
+ properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + a Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. 
The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. 
+ Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + a route service in OpenShift. 
+ properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the route services. + type: object + domain: + description: domain specifies the domain name of the + Confluent component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix + when configured for the domain. The default value + is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service + for the component. Valid options are `loadBalancer`, + `nodePort`, and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS server configuration. + properties: + authentication: + description: authentication specifies the MDS server authentication + configuration. + properties: + type: + description: type defines the MDS authentication type. + The valid option is `bearer`. + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: externalAccess specifies the external access + configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations + for the load balancer service. + type: object + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for + the client consumption. 
If not configured, the same + internal/external port is configured for the component. + Information about the port can be retrieved through + the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given + domain. The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + a Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the node port service. 
+ type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. 
+ If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. 
+ properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + a route service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations + for the route services. + type: object + domain: + description: domain specifies the domain name of the + Confluent component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix + when configured for the domain. The default value + is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service + for the component. Valid options are `loadBalancer`, + `nodePort`, and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + description: provider specifies the identity provider configuration. + properties: + ldap: + description: ldap defines the LDAP service configuration. + properties: + address: + description: address defines the LDAP server address. + type: string + authentication: + description: LdapAuthentication specifies the LDAP + authentication configuration. + properties: + simple: + description: simple specifies simple authentication + configuration for the LDAP. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer defines + the directory path in the container where + the credentials are mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name + of the secret that contains the credentials. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type defines the authentication method + for LDAP. Valid options are `simple` and `mtls`. + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: configurations defines the LDAP configurations + for Confluent RBAC. + properties: + groupMemberAttribute: + description: groupMemberAttribute specifies the + LDAP group member attribute. + minLength: 1 + type: string + groupMemberAttributePattern: + description: groupMemberAttributePattern specifies + the regular expression pattern for the LDAP + group member attribute. + minLength: 1 + type: string + groupNameAttribute: + description: groupNameAttribute specifies the + LDAP group name attribute. + minLength: 1 + type: string + groupObjectClass: + description: groupObjectClass specifies the LDAP + group object class. + minLength: 1 + type: string + groupSearchBase: + description: groupSearchBase specifies the LDAP + search base for the group-based search. + minLength: 1 + type: string + groupSearchFilter: + description: groupSearchFilter specifies the LDAP + search filter for the group-based search. + minLength: 1 + type: string + groupSearchScope: + description: groupSearchScope specifies the LDAP + search scope for the group-based search. + format: int32 + type: integer + userMemberOfAttributePattern: + description: userMemberOfAttributePattern specifies + the regular expression pattern for the LDAP + user member attribute. 
+ minLength: 1 + type: string + userNameAttribute: + description: userNameAttribute specifies the LDAP + username attribute. + minLength: 1 + type: string + userObjectClass: + description: userObjectClass specifies the LDAP + user object class. + minLength: 1 + type: string + userSearchBase: + description: userSearchBase specifies the LDAP + search base for the user-based search. + minLength: 1 + type: string + userSearchFilter: + description: userSearchFilter specifies the LDAP + search filter for the user-based search. + minLength: 1 + type: string + userSearchScope: + description: userSearchScope specifies the LDAP + search scope for the user-based search. + format: int32 + type: integer + type: object + tls: + description: tls specifies the TLS configuration for + the LDAP. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys + are mounted. `truststore.jks` is not configured + and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS + configuration for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates + whether to ignore the truststore configuration + for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret + containing the JKS password. + properties: + secretRef: + description: 'secretRef references the name + of the secret containing the JKS password. 
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret + containing the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + description: type defines the identity provider type. + The valid option is `ldap`. + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: tls specifies the TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token key pair for + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: storageClass specifies the user-provided storage class. + If not configured, it will use the default storage class. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the global-level TLS configuration which + can be used by listeners and services. 
+ properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of the Kafka cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + brokerIdOffset: + description: brokerIdOffset is the broker id offset of the Kafka cluster. + format: int32 + type: integer + clusterID: + description: clusterID is the ID of the Kafka cluster. 
+ type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. 
+ items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + client: + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + description: listeners is a map for the status of Kafka Listeners. + type: object + minISR: + description: minISR is the minimum number of in sync replicas in the + Kafka cluster. + format: int32 + type: integer + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + replicationFactor: + description: replicationFactor is the replication factor of the topics + in the Kafka cluster. + format: int32 + type: integer + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + services: + additionalProperties: + description: ListenerStatus describes general information about + the listeners. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. 
+ items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + description: services is a map for the Kafka services. + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..6bc1bc9 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,275 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.partitionCount + name: Partition + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterId + name: ClusterId + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaTopic is the schema for the Kafka Topic API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaTopic. 
+ properties: + configs: + additionalProperties: + type: string + description: 'configs are used to pass the configuration settings + for the topic. More info: https://docs.confluent.io/current/installation/configuration/topic-configs.html.' + type: object + kafkaClusterRef: + description: kafkaClusterRef specifies the name of the Kafka cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + kafkaRest: + description: kafkaRest specifies the Kafka REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. 
connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + defines Kafka REST API connection information. + properties: + name: + description: name specifies the name of the KafkaRestClass application + resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + name: + description: name specifies the topic name. If not configured, the + KafkaTopic CR name is used as the topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: partitionCount specifies the number of partitions for + the topic. If not configured, it will be defaulted to the partition + count that Kafka REST V3 API supports. 
+ format: int32 + type: integer + replicas: + description: replicas specifies the replication factor for the topic. + If not configured, it will be defaulted to the replication factor + that Kafka REST V3 API supports. + format: int32 + type: integer + type: object + status: + description: status defines the observed state of the KafkaTopic. + properties: + conditions: + description: conditions are the latest available observed states of + the topic. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterId: + description: kafkaClusterId is the id of the Kafka cluster. + type: string + kafkaRestEndpoint: + description: kafkaRestEndpoint is the endpoint of the Kafka REST API. + type: string + partitionCount: + description: partitionCount is the partition count of the topic. + format: int32 + type: integer + replicas: + description: replicas is the replication factor of the topic. + format: int32 + type: integer + state: + description: state is the state of the topic. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..a5f325a --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2750 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KsqlDB is the schema for the ksqlDB API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the ksqlDB cluster. + properties: + authentication: + description: authentication specifies whether authentication is needed + when accessing the ksqlDB cluster. 
+ properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the RBAC configuration for the + ksqlDB cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. 
+ type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the ksqlDB cluster. A change will + roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data volume for the + ksqlDB cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specifies the dependency configurations + for Kafka, Interceptor, Schema Registry, and the MDS. + properties: + interceptor: + description: interceptor specifies the interceptor dependency + configuration. + properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. 
If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. 
+ type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. + type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. 
More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configuration. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. 
+ minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. 
+ minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the Schema Registry dependency + configuration. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. 
+ enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the configurations for the endpoints + and services to make the ksqlDB accessible from outside the cluster. 
+ properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations for + the load balancer service. + type: object + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' 
+ enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the route services. + type: object + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. 
+ enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. 
For pod labels, use `podTemplate.labels`. + type: object + internalTopicReplicationFactor: + description: internalTopicReplicationFactor specifies the replication + factor for internal topics. + format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. 
Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. 
+ Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. 
+ items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. 
+ The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. 
+ format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. 
- + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + storageClass: + description: storageClass specifies the storage class used for creating + the PVC for the ksqlDB cluster. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the ksqlDB cluster. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of ksqlDB Server. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. 
+ items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the ksqlDB + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. 
+ type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterId: + description: clusterId specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the ksqlDB + cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + serviceId: + description: serviceId is the id of the ksqlDB service. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..5f771c8 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,746 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MigrationJob is the schema for the MigrationJob API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the MigrationJob. + properties: + blockReconcile: + description: blockReconcile specifies whether to block the reconciling + process. + type: boolean + connect: + description: connect specifies the migration job spec for Connect. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. 
An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. 
An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + controlcenter: + description: controlcenter specifies the migration job spec for Control + Center. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. 
+ type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + initContainerImage: + description: initContainerImage specifies the image name of the init + container. + minLength: 1 + type: string + kafka: + description: kafka specifies the migration job spec for Kafka. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. 
This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. 
+ minLength: 1 + type: string + required: + - enabled + - name + type: object + ksqldb: + description: ksqldb specifies the migration job spec for ksqlDB. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' 
+ type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + pullSecretRef: + description: pullSecretRef references a list of the secret names for + pulling Confluent images. + items: + type: string + type: array + replicator: + description: replicator specifies the migration job spec for Replicator. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. 
+ items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + schemaRegistry: + description: schemaRegistry specifies the migration job spec for Schema + Registry. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. 
+ Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + skipCleanup: + description: skipCleanup specifies whether to skip the cleanup. + type: boolean + skipRollback: + description: skipRollback specifies whether to skip the rollback. + type: boolean + zookeeper: + description: zookeeper specifies the migration job spec for Zookeeper. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. 
+ items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + required: + - initContainerImage + type: object + status: + description: status defines the observed state of the MigrationJob. + properties: + conditions: + description: conditions represents the latest available observations + of the migration job. + items: + description: Condition represent the latest available observations + of the current state. 
+ properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connect: + description: connect is the migration state of Connect. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + controlcenter: + description: controlcenter is the migration state of Control Center. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + kafka: + description: kafka is the migration state of Kafka. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + ksqldb: + description: ksqldb is the migration state of ksqlDB. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + phase: + description: phase is the state of the migration job. 
+ type: string + replicator: + description: replicator is the migration state of Replicator. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: schemaRegistry is the migration state of Schema Registry. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + zookeeper: + description: zookeeper is the migration state of Zookeeper. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..80dcde5 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2337 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SchemaRegistry is the schema for the Schema Registry API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Schema Registry cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations + for the REST API endpoint. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configurations. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. 
+ minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Schema Registry cluster. A + change will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: dependencies specify the dependency configurations for + the Schema Registry. + properties: + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The defauls value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configurations. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: externalAccess specifies the external access configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + annotations: + additionalProperties: + type: string + description: annotations specify Kubernetes annotations for + the load balancer service. + type: object + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. 
+ enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. 
More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the node port service. + type: object + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be + enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' 
+ enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations contain Kubernetes annotations for + the route services. + type: object + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. 
+ Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + internalTopicReplicatorFactor: + description: internalTopicReplicatorFactor specifies the replication + factor for internal topics. + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. 
Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. 
+ Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. 
+ items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. 
+ The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. 
+ format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. 
- + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the REST API + endpoint. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the Schema Registry + cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + groupId: + description: groupId is the group id of the Schema Registry cluster. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Schema + Registry cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + metricPrefix: + description: metricPrefix is the prefix for the JMX metric of the + Schema Registry cluster. + type: string + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. 
+ type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterId: + description: clusterId specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the Schema + Registry cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_schemas.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_schemas.yaml new file mode 100644 index 0000000..e698837 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_schemas.yaml 
@@ -0,0 +1,401 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Schema + listKind: SchemaList + plural: schemas + shortNames: + - schema + singular: schema + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .status.SchemaRegistryEndpoint + name: schemaregistry + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Schema. + properties: + data: + description: data defines the data required to create the schema. + properties: + configRef: + description: configRef is the name of the Kubernetes ConfigMap + resource containing the schema. + minLength: 1 + type: string + format: + description: format is the format type of the encoded schema. 
+ Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + required: + - configRef + - format + type: object + schemaReferences: + description: schemaReferences defines the schema references in the + schema data. + items: + description: SchemaReference is the schema to be used as a reference + for the new schema. + properties: + avro: + description: avro is the data for the referenced Avro schema. + properties: + avro: + description: name is the fully qualified name of the referenced + Avro schema. + minLength: 1 + type: string + required: + - avro + type: object + format: + description: format is the format type of the referenced schema. + Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: json is the data for the referenced JSON schema. + properties: + url: + description: url is the referenced JSON schema url. + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: protobuf is the data for the referenced Protobuf + schema. + properties: + file: + description: file is the file name of the referenced Protobuf + schema. + minLength: 1 + type: string + required: + - file + type: object + subject: + description: subject is the subject name for the referenced + schema through the configRef. + minLength: 1 + type: string + version: + description: version is the version type of the referenced schema. + format: int32 + type: integer + required: + - format + - subject + - version + type: object + type: array + schemaRegistryClusterRef: + description: schemaRegistryClusterRef references the CFK-managed Schema + Registry cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. 
+ type: string + required: + - name + type: object + schemaRegistryRest: + description: schemaRegistryRest specifies the Schema Registry REST + API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + required: + - data + type: object + status: + description: status defines the observed state of the Schema. + properties: + conditions: + description: conditions are the latest available observed state of + the schema. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + deletedVersions: + description: deletedVersions are the successfully hard deleted versions + for the subject. + items: + format: int32 + type: integer + type: array + format: + description: format is the format of the latest schema for the subject. 
+ type: string + id: + description: id is the id of the latest schema for the subject. + format: int32 + type: integer + schemaReferences: + description: schemaReferences are the schema references for the subject. + items: + description: SchemaReference is the schema to be used as a reference + for the new schema. + properties: + avro: + description: avro is the data for the referenced Avro schema. + properties: + avro: + description: name is the fully qualified name of the referenced + Avro schema. + minLength: 1 + type: string + required: + - avro + type: object + format: + description: format is the format type of the referenced schema. + Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: json is the data for the referenced JSON schema. + properties: + url: + description: url is the referenced JSON schema url. + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: protobuf is the data for the referenced Protobuf + schema. + properties: + file: + description: file is the file name of the referenced Protobuf + schema. + minLength: 1 + type: string + required: + - file + type: object + subject: + description: subject is the subject name for the referenced + schema through the configRef. + minLength: 1 + type: string + version: + description: version is the version type of the referenced schema. + format: int32 + type: integer + required: + - format + - subject + - version + type: object + type: array + schemaRegistryAuthenticationType: + description: schemaRegistryAuthenticationType is the authentication + method used. + type: string + schemaRegistryEndpoint: + description: schemaRegistryEndpoint is the Schema Registry REST endpoint. + type: string + schemaRegistryTLS: + description: schemaRegistryTLS shows whether the Schema Registry is + using TLS. 
+ type: boolean + softDeletedVersions: + description: softDeletedVersions are the successfully soft deleted + versions for the subject. + items: + format: int32 + type: integer + type: array + state: + description: state is the state of the Schema CR. + type: string + subject: + description: subject is the subject of the schema. + type: string + version: + description: version is the version of the latest schema for the subject. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.2.1/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..0d0bb04 --- /dev/null +++ b/base/cfk-base/2.2.1/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1735 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Zookeeper is the schema for the Zookeeper API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Zookeeper cluster. + properties: + authentication: + description: authentication specifies the authentication configuration. 
+ properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another way to provide + JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are mounted. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing the + required credentials for authentication. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, and `mtls`. + enum: + - plain + - digest + - mtls + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies configs to override the server/JVM/log4j/peer + properties for the Zookeeper cluster. A change to this property + will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. 
+ items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + peers: + description: peers specify a list of dynamic peer configurations + for the Zookeeper cluster. This is only required when deploying + stretch Zookeeper for MRC deployments and should include all + the Zookeeper peers in other DCs that form the ensemble. This + will either add or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data volume size. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. 
Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. 
More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: logVolumeCapacity specifies the log volume size. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' 
+ items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations are unstructured key value maps stored + with the resource and may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels are maps of string keys and values that can + be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' 
+ type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. 
Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. It''s the maximum permitted + difference between the number of matching pods in any + two topology domains of a given topology type. 
For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 1/1/0: | zone1 | zone2 + | zone3 | | P | P | | - if MaxSkew is 1, + incoming pod can only be scheduled to zone3 to become + 1/1/1; scheduling it onto zone1(zone2) would make the + ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 + is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it - ScheduleAnyway tells the scheduler to still schedule + it It''s considered as "Unsatisfiable" if and only if + placing incoming pod on any topology violates "MaxSkew". + For example, in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | If + WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. 
+ format: int32 + type: integer + storageClass: + description: storageClass specifies the user-provided storage class. + If not configured, the default storage class is used. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls specifies the TLS configuration. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. 
+ More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: status defines the observed state of the Zookeeper cluster. + properties: + authenticationType: + description: authenticationType is the authentication method for the + Zookeeper cluster. + type: string + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. 
+ type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + endpoint: + description: endpoint is the Zookeeper cluster endpoint. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + myIdOffset: + description: myIdOffset shows the MyId offset configuration. + format: int32 + type: integer + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + tls: + description: tls shows whether TLS is configured for the Zookeeper + cluster. + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.2.1/templates/clusterrole.yaml b/base/cfk-base/2.2.1/templates/clusterrole.yaml new file mode 100644 index 0000000..60b3daa --- /dev/null +++ b/base/cfk-base/2.2.1/templates/clusterrole.yaml 
@@ -0,0 +1,119 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ name: confluent-operator
+rules:
+- apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
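Review bot: The rule on the core API group (`""`) grants get/list/watch/create/update/patch/delete on `secrets`, `pods` and `configmaps` from a ClusterRole, so the bound service account can read and rewrite every Secret in every namespace, not only those belonging to Confluent workloads; the `platform.confluent.io` rule additionally uses `resources: '*'` with `verbs: '*'`. The binding in clusterrolebinding.yaml attaches this role to the `confluent-for-kubernetes` ServiceAccount in `default`, a namespace that commonly hosts unrelated workloads. If cluster-wide operation is intended, state it at the top of the file, e.g. `# NOTE: cluster-scoped; grants full access to Secrets in all namespaces`, and consider a namespaced Role/RoleBinding overlay for single-namespace installs. Audit-log alerting on Secret reads by this service account outside the Confluent namespaces would be a reasonable compensating control.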
diff --git a/base/cfk-base/2.2.1/templates/clusterrolebinding.yaml b/base/cfk-base/2.2.1/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..67edf99
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ name: confluent-operator
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: confluent-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/base/cfk-base/2.2.1/templates/deployment.yaml b/base/cfk-base/2.2.1/templates/deployment.yaml
new file mode 100644
index 0000000..4e8a888
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/deployment.yaml
@@ -0,0 +1,82 @@
+---
+# Source: confluent-for-kubernetes/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ version: 0.304.17
+ name: confluent-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: release-name
+ confluent-platform: "true"
+ version: 0.304.17
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ containers:
+ - args:
+ - --debug=false
+ name: confluent-operator
+ image: docker.io/confluentinc/confluent-operator:0.304.17
+ imagePullPolicy: IfNotPresent
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ readinessProbe:
+ httpGet:
+ port: 8080
+ path: /readyz
+ livenessProbe:
+ httpGet:
+ port: 8080
+ path: /healthz
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ serviceAccountName: confluent-for-kubernetes
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
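Review bot: The `confluent-operator` container has no container-level `securityContext`; the pod-level block sets only `fsGroup`, `runAsNonRoot` and `runAsUser`, so privilege escalation and the runtime's default capability set stay enabled. This pod runs under the `confluent-for-kubernetes` service account, which clusterrole.yaml in this commit gives cluster-wide access to Secrets, so it is worth hardening. The fence below adds the usual restrictions; whether `readOnlyRootFilesystem: true` is also workable depends on whether the operator writes to its root filesystem, which is not visible here. The image is referenced by tag (`confluent-operator:0.304.17`) rather than by digest, so the content behind it is not pinned.

```yaml
# … unchanged: pod-level securityContext (fsGroup, runAsNonRoot, runAsUser) …
        name: confluent-operator
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
# … unchanged: image, probes, resources, env …
```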
diff --git a/base/cfk-base/2.2.1/templates/kustomization.yaml b/base/cfk-base/2.2.1/templates/kustomization.yaml
new file mode 100644
index 0000000..e9867e7
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - licensing.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/base/cfk-base/2.2.1/templates/licensing.yaml b/base/cfk-base/2.2.1/templates/licensing.yaml
new file mode 100644
index 0000000..471fb94
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/licensing.yaml
@@ -0,0 +1,17 @@
+---
+# Source: confluent-for-kubernetes/templates/licensing.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ namespace: default
+ name: confluent-operator-licensing
+type: Opaque
+data:
+ publicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZaUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJpS3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdudC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05OUnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
diff --git a/base/cfk-base/2.2.1/templates/service.yaml b/base/cfk-base/2.2.1/templates/service.yaml
new file mode 100644
index 0000000..fe27489
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: confluent-for-kubernetes/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ name: confluent-operator
+ namespace: default
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
diff --git a/base/cfk-base/2.2.1/templates/serviceaccount.yaml b/base/cfk-base/2.2.1/templates/serviceaccount.yaml
new file mode 100644
index 0000000..20b086e
--- /dev/null
+++ b/base/cfk-base/2.2.1/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+---
+# Source: confluent-for-kubernetes/templates/serviceaccount.yaml
+apiVersion: v1
+imagePullSecrets:
+- name: confluent-registry
+kind: ServiceAccount
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: release-name
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: confluent-for-kubernetes-0.304.17
+ name: confluent-for-kubernetes
+ namespace: default
diff --git a/base/cfk-base/2.3.0/crds/kustomization.yaml b/base/cfk-base/2.3.0/crds/kustomization.yaml
new file mode 100644
index 0000000..2cefffb
--- /dev/null
+++ b/base/cfk-base/2.3.0/crds/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_clusterlinks.yaml
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connectors.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkarestproxies.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaexporters.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_schemas.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_clusterlinks.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_clusterlinks.yaml
new file mode 100644
index 0000000..7cb8ade
--- /dev/null
+++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_clusterlinks.yaml
@@ -0,0 +1,463 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_clusterlinks.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: clusterlinks.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ClusterLink + listKind: ClusterLinkList + plural: clusterlinks + shortNames: + - cl + - clusterlink + - clink + singular: clusterlink + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterLinkID + name: ID + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.destinationKafkaClusterID + name: DestClusterID + type: string + - jsonPath: .status.sourceKafkaClusterID + name: SrcClusterID + type: string + - jsonPath: .status.numMirrorTopics + name: MirrorTopicCount + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterLink is the schema for the ClusterLink API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the cluster link. 
+ properties: + aclFilters: + description: aclFilters specify the list of ACLs to be migrated from + the source cluster to the destination cluster. + items: + description: 'AclFilter defines the configuration for the ACLs filter. + This follows the same pattern as defined in the cluster linking + documentation. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/security.html#cluster-link-acls-migrate' + properties: + accessFilter: + description: AclSyncAccessFilter defines the access filter for + ACLs. + properties: + host: + description: host is the host for which operations can be + coming from. The default value is `*` that matches all + hosts. + type: string + operation: + description: 'operation specifies the operation type of + the filter. It can be `ANY` or operations based on resource + type defined in the following Confluent documentation: + https://docs.confluent.io/platform/current/kafka/authorization.html#acl-operations' + type: string + permissionType: + description: permissionType is the permission type of the + filter. Valid options are `any`, `allow`, and `deny`. + enum: + - any + - allow + - deny + type: string + principal: + description: principal is the name of the principal. The + default value is `*`. + type: string + required: + - operation + - permissionType + type: object + resourceFilter: + description: AclSyncResourceFilter specifies the resource filter + for ACLs. + properties: + name: + description: name is the name of the resource associated + with this filter. The default value is `*`. + type: string + patternType: + description: patternType is the pattern of the resource. + Valid options are `prefixed`, `literal`, `any`, and `match`. + enum: + - prefixed + - literal + - any + - match + type: string + resourceType: + description: resourceType is the type of the filter. Valid + options are `any`, `cluster`, `group`, `topic`, `transactionId`, + and `delegationToken`. 
+ enum: + - any + - cluster + - group + - topic + - transcationId + - delegationToken + type: string + required: + - patternType + - resourceType + type: object + required: + - accessFilter + - resourceFilter + type: object + type: array + configs: + additionalProperties: + type: string + description: 'configs is a map of string key and value pairs. It specifies + additional configurations for the cluster link. More info: https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/configs.html' + type: object + x-kubernetes-map-type: granular + consumerGroupFilters: + description: consumerGroupFilters specify a list of consumer groups + to be migrated from the source cluster to the destination cluster. + items: + description: ConsumerGroupFilter specifies a list of consumer groups + to be migrated from the source cluster to the destination cluster. + properties: + filterType: + description: filterType specifies the filter type. Valid options + are `INCLUDE` and `EXCLUDE`. + enum: + - INCLUDE + - EXCLUDE + type: string + name: + description: name is the resource name associated with this + filter. + type: string + patternType: + description: patternType is the pattern of the resource. Valid + options are `PREFIXED` and `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + required: + - filterType + - name + - patternType + type: object + type: array + destinationKafkaCluster: + description: destinationKafkaCluster specifies the destination Kafka + cluster and its REST API configuration. The cluster link is set + up in the destination cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass application + resource. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. 
+ type: string + required: + - name + type: object + required: + - kafkaRestClassRef + type: object + mirrorTopics: + description: mirrorTopics specify the mirror topics under this cluster + link. + items: + description: MirrorTopic defines the mirror topic configuration. + properties: + configs: + additionalProperties: + type: string + description: configs is a map of string key and value pairs. + It specifies any additional configuration or configuration + overrides for the mirror topic. + type: object + x-kubernetes-map-type: granular + name: + description: name is the mirror topic name. A topic with the + exact same name must exist on the source cluster, and no topic + with this name should exist on the destination cluster. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + state: + description: state specifies the desired state for this mirror + topic. Valid options are `ACTIVE`, `FAILOVER`, `PAUSE`, and + `PROMOTE`. The default value is `ACTIVE`. + enum: + - PAUSE + - PROMOTE + - FAILOVER + - ACTIVE + type: string + required: + - name + type: object + type: array + sourceKafkaCluster: + description: sourceKafkaCluster specifies the source Kafka cluster + and its REST API configuration. + properties: + authentication: + description: authentication specifies the authentication for the + source Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side JaaS + configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way to + provide the Kafka client-side JaaS configuration. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are + mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism to + provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the bootstrap endpoint + for the source Kafka cluster. + minLength: 1 + pattern: .+:[0-9]+ + type: string + clusterID: + description: clusterID specifies the id of the source Kafka cluster. + If clusterID is defined for the source Kafka cluster, it takes + precedence over using the REST API for getting the cluster ID. 
+ minLength: 1 + type: string + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass application + resource which defines the Kafka REST API connection information. + This is optional if the `clusterID` is set. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + tls: + description: tls specifies the client-side TLS configuration for + the source Kafka cluster. + properties: + enabled: + description: enabled specifies whether to enable the TLS configuration + for the cluster link. The default value is `false`. + type: boolean + keyPassword: + description: keyPassword references the secret containing + the SSL key password if the private key passed in the secretRef + above is encrypted. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - bootstrapEndpoint + type: object + required: + - destinationKafkaCluster + - sourceKafkaCluster + type: object + status: + description: status defines the observed state of the cluster link. + properties: + clusterLinkID: + description: clusterLinkID is the id of the cluster link. 
+ type: string + clusterLinkName: + description: clusterLinkName is the name of the cluster link. + type: string + conditions: + description: conditions are the latest available observations of the + cluster link's state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + destinationKafkaClusterID: + description: destinationKafkaClusterID is the ID of the destination + Kafka cluster. + type: string + kafkaCluster: + description: 'kafkaCluster is the Kafka cluster this cluster link + belongs to. The format is: `/`' + type: string + mirrorTopics: + additionalProperties: + type: string + description: mirrorTopics is a map of string key and value pairs for + all the mirror topics of the cluster link along with their status. + type: object + x-kubernetes-map-type: granular + numMirrorTopics: + description: numMirrorTopics is the number of mirror topics for the + cluster link. + type: integer + sourceKafkaClusterID: + description: sourceKafkaClusterID is the ID of the source Kafka cluster. + type: string + state: + description: state is the current state of the cluster link. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_confluentrolebindings.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..4b6978e --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,284 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterID + name: KafkaClusterID + type: string + - jsonPath: .status.principal + name: Principal + type: string + - jsonPath: .status.role + name: Role + type: string + - jsonPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + - jsonPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfluentRolebinding is the schema for the ConfluentRolebinding + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the ConfluentRolebinding. + properties: + clustersScopeByIds: + description: clustersScopeByIds specify the scope of the Confluent + component cluster(s) via cluster id(s). + properties: + connectClusterId: + description: connectClusterId specifies the Connect cluster id. + minLength: 1 + type: string + kafkaClusterId: + description: kafkaClusterId specifies the id of the Kafka cluster + id. + minLength: 1 + type: string + ksqlClusterId: + description: ksqlClusterId specifies the ksqlDB cluster id. + minLength: 1 + type: string + schemaRegistryClusterId: + description: schemaRegistryClusterId specifies the Schema Registry + cluster id. + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: clustersScopeByRegistryName specifies the unique cluster + name you registered in the cluster registry. + minLength: 1 + type: string + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass that + defines the Kafka REST API connection information. + properties: + name: + description: name specifies the name of the KafkaRestClass application + resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + principal: + description: RolebindingPrincipal defines the principal(user/group) + the rolebinding belongs to. + properties: + name: + description: name specifies the name of the principal. + minLength: 1 + type: string + type: + description: type specifies the type of the principal. Valid options + are `user` and `group`. 
+ enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: resourcePatterns specify the qualified resources associated + with this rolebinding. + items: + description: ResourcePattern specifies the qualified resource info + associated with this rolebinding. + properties: + name: + description: name specifies the name of the resource associated + with this rolebinding. + minLength: 1 + type: string + patternType: + description: patternType specifies the pattern of the resource. + Valid options are `PREFIXED` or `LITERAL`. The default value + is `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: resourceType refers to the type of the resource. + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: role specifies the name of the role. + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: status is the observed state of the ConfluentRolebinding. + properties: + clusterRegistryName: + description: clusterRegistryName is the cluster registry name the + rolebinding associated with. + type: string + conditions: + description: conditions are the latest available observations of the + rolebinding's state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. 
+ type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + kafkaCluster: + description: 'kafkaCluster is the Kafka cluster the rolebinding belongs + to. The format is: `/`.' + type: string + kafkaClusterID: + description: kafkaClusterID is the id of the Kafka cluster. + type: string + kafkaRestClass: + description: 'kafkaRestClass is the kafkaRestClass this rolebinding + uses. The format is: `/`.' + type: string + mdsEndpoint: + description: mdsEndpoint is the MDS endpoint. + type: string + principal: + description: 'principal is the principal the rolebinding belongs to. + The format is: `:`.' + type: string + resourcePatterns: + description: resourcePatterns are the resource patterns this rolebinding + is associated with. + items: + description: ResourcePattern specifies the qualified resource info + associated with this rolebinding. + properties: + name: + description: name specifies the name of the resource associated + with this rolebinding. + minLength: 1 + type: string + patternType: + description: patternType specifies the pattern of the resource. + Valid options are `PREFIXED` or `LITERAL`. The default value + is `LITERAL`. + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: resourceType refers to the type of the resource. + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: role is the role this rolebinding is associated with. + type: string + state: + description: state is the state of this rolebinding. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_connectors.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_connectors.yaml
new file mode 100644
index 0000000..1759980
--- /dev/null
+++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_connectors.yaml
@@ -0,0 +1,398 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connectors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: connectors.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connector + listKind: ConnectorList + plural: connectors + shortNames: + - ctr + - connector + singular: connector + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.connectorState + name: ConnectorStatus + type: string + - jsonPath: .status.tasksReady + name: Tasks-Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.connectRestEndpoint + name: ConnectEndpoint + priority: 1 + type: string + - jsonPath: .status.failedTasksCount + name: Tasks-Failed + priority: 1 + type: string + - jsonPath: .status.workerID + name: WorkerID + priority: 1 + type: string + - jsonPath: .status.restartPolicy.type + name: RestartPolicy + priority: 1 + type: string + - jsonPath: .status.kafkaClusterID + name: KafkaClusterID + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connector is the schema for the Connector API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Connector. + properties: + class: + description: class specifies the class name of the connector. The + Connect cluster displays the supported class names in its status. + minLength: 1 + type: string + configs: + additionalProperties: + type: string + description: configs is a map of string key and value pairs. It specifies + the additional configurations for the connector. + type: object + x-kubernetes-map-type: granular + connectClusterRef: + description: connectClusterRef references the CFK managed Connect + cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + connectRest: + description: connectRest specifies the Connect REST API connection + configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. 
+ items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get the + cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + name: + description: name specifies the connector name. If not configured, + the Connector CR name is used as the connector name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + restartPolicy: + description: restartPolicy specifies the policy to restart failed + tasks of the connector. + properties: + maxRetry: + description: maxRetry specifies the max number of tries to restart + failed tasks when the `restartPolicy` type is `OnFailure`. The + default value is `10`. + format: int32 + minimum: 1 + type: integer + type: + description: type specifies the policy type to restart connector + tasks. Valid options are `OnFailure` and `Never`. Default value + is `OnFailure`, which means it will restart automatically when + a task fails if the `maxRetry` value is not reached. 
+ enum: + - OnFailure + - Never + type: string + required: + - type + type: object + taskMax: + description: taskMax specifies the maximum number of tasks for the + connector. It must be greater than 0. The connector may create fewer + tasks if it cannot achieve this level of parallelism. + format: int32 + minimum: 1 + type: integer + required: + - class + - taskMax + type: object + status: + description: status defines the observed state of the Connector. + properties: + conditions: + description: conditions are the latest available observations of the + connector state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connectRestEndpoint: + description: connectRestEndpoint is the REST endpoint of the Connect + cluster. + type: string + connectorState: + description: connectorState is the status of the connector instance. + type: string + failedTasks: + additionalProperties: + description: TaskStatus defines the connector task status. + properties: + id: + description: Id is the id of the task. + format: int32 + type: integer + retryCount: + description: retryCount is the number of retry attempts to restart + the failed task. 
+ format: int32 + type: integer + workerID: + description: workerID is the workerId for the task. + type: string + required: + - id + type: object + description: failedTasks is the map of connector tasks in the `FAILED` + state. Error messages of failed tasks are logged in the CFK logs + as `INFO`. You can also get the error message via Connect REST API + calls. + type: object + x-kubernetes-map-type: granular + failedTasksCount: + description: failedTasksCount is the number of failed tasks. + format: int32 + type: integer + kafkaClusterID: + description: kafkaClusterID is the Kafka cluster id the connector + belongs to. + type: string + restartPolicy: + description: restartPolicy is the policy to restart failed tasks of + the connector. + properties: + maxRetry: + description: maxRetry specifies the max number of tries to restart + failed tasks when the `restartPolicy` type is `OnFailure`. The + default value is `10`. + format: int32 + minimum: 1 + type: integer + type: + description: type specifies the policy type to restart connector + tasks. Valid options are `OnFailure` and `Never`. Default value + is `OnFailure`, which means it will restart automatically when + a task fails if the `maxRetry` value is not reached. + enum: + - OnFailure + - Never + type: string + required: + - type + type: object + state: + description: state is the custom resource state of the connector. + This is not the connector state, which can be `CREATED`, `ERROR`, + etc. + type: string + tasksReady: + description: 'tasksReady is the number of running tasks based on `taskMax`. + The value is in the following format: `/`' + type: string + trace: + description: trace is the error trace message for the connector instance. + type: string + workerID: + description: workerID is the workerId of the connector instance. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_connects.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..3046456 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,5601 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Connect is the schema for the Connect API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Connect cluster. + properties: + authentication: + description: authentication specifies authentication configuration. 
+ properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configuration. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. 
+ type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + build: + description: build defines the build configurations for connector + plugins. + properties: + onDemand: + description: OnDemand defines the build configurations for the + `onDemand` build type. + properties: + plugins: + description: plugins define the installation information for + connector plugins. + properties: + confluentHub: + description: confluentHub contains a list of connector + plugins you get from Confluent Hub. + items: + description: ConfluentHubPlugin contains the required + information to get the connector plugin from Confluent + Hub. + properties: + name: + description: name specifies the name of the connector + plugin. + minLength: 1 + type: string + owner: + description: owner specifies the individual or organization + that provides the connector plugin, for example, + `confluentinc`. + minLength: 1 + type: string + version: + description: version specifies the version of the + connector plugin, which can be either the version + of the plugin or the literal `latest`. + minLength: 1 + type: string + required: + - name + - owner + - version + type: object + type: array + locationType: + description: locationType specifies where to get connector + plugins. Valid options are `confluentHub` and `url`. + enum: + - confluentHub + - url + type: string + url: + description: url contains a list of URL plugins you get + from external URLs. + items: + description: URLPlugin defines the information to get + the connector plugin from an external URL. + properties: + archivePath: + description: archivePath specifies the archive path + of the connector plugin. + minLength: 1 + pattern: ^https?://.* + type: string + checksum: + description: checksum defines the sha512sum checksum + of the connector plugin's remote file. 
It is used + to verify the remote file after it is downloaded. + type: string + name: + description: name specifies the connector plugin + name. + minLength: 1 + type: string + required: + - archivePath + - checksum + - name + type: object + type: array + required: + - locationType + type: object + storageLimit: + anyOf: + - type: integer + - type: string + description: storageLimit specifies the max amount of node + volume that can be used to store connector plugins. The + default value is `4G`. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - plugins + type: object + type: + description: type specifies the build type for connector plugins. + Currently only the `onDemand` type is supported. + enum: + - onDemand + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Connect cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: 'connectorOverridePolicy allows the policy to permit + per-connector override configuration for producer/consumer/admin + prefix. 
More info: https://docs.confluent.io/platform/current/connect/security.html#separate-principals' + enum: + - All + - Principal + type: string + connectorTLSCerts: + description: connectorTLSCerts are the custom TLS certificates injected + into the Connect cluster for connectors to use. Check the Connect + status for the mount path of the certificates. A change will roll + the cluster. + items: + description: CustomTLSCertificate defines the custom TLS structure + for the application resources (connector, topic, schema, etc.) + of the Confluent Platform component. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value format: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: array + dependencies: + description: ConnectDependencies contains the dependencies the Connect + requires or can enable. + properties: + admin: + description: admin contains the security configuration to connect + to the admin client. 
If `bootstrapEndpoint` is not configured, + the security is configured based on the Kafka dependency configuration. + Configure this property if different bootstrap endpoint is required + for the admin client. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. 
More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: consumer contains the security configuration to connect + to the Kafka cluster. It is used for sink connectors. If `bootstrapEndpoint` + is not configured, the security is configured based on the Kafka + dependency configuration. Configure this property if different + bootstrap endpoint is required for the consumer. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. 
+ type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: interceptor contains the dependency configuration + for the monitoring interceptor. 
+ properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. 
+ minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. + type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. 
+ type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka contains the Connect dependency for connecting + to Kafka. 
The discovery method is used if this is not specified. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. 
More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds contains the configuration for MDS dependency + when RBAC is enabled. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. 
+ minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. 
+ minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: producer contains the security configuration to connect + to the Kafka cluster. It is used for source connectors. If `bootstrapEndpoint` + is not configured, the security is configured based on the Kafka + dependency configuration. Configure this property if different + bootstrap endpoint of security is required for the producer. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: schemaRegistry contains the dependency configuration + for the Schema Registry cluster. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. 
+ type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: enableSchemas indicates whether to enable scheme or not. + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + the non-Kafka component clusters. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + advertisedURL: + description: 'advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to: `://.` + where podId starts from `0` to `replicaCount -1`. This is + only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster.' 
+ properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs. It specifies Kubernetes annotations for the load + balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to `://:, + where`podId` starts from `0` to `replicaCount - 1`. This + is only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster. 
+ properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the node + port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the route + services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. 
+ enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. 
+ enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + internalTopicReplicationFactor: + description: ' internalTopicReplicationFactor specifies the replication + factor for the internal topics. The default value is `3`.' + format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + keyConverterType: + description: keyConverterType specifies the supported key converters + package for the Confluent Platform. For the supported converter + types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters. + The default value is `org.apache.kafka.connect.json.JsonConverter`. 
+ minLength: 1 + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. 
+ properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. 
The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. 
Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. 
"ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. 
+ format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. 
Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. 
- ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the global-level TLS configuration. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: valueConverterType specifies the supported value converters + package for the Confluent Platform. For the supported converter + types, see https://docs.confluent.io/current/connect/concepts.html#connect-converters. + The default value is `org.apache.kafka.connect.json.JsonConverter`. + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the Connect cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. 
+ type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connectorPlugins: + description: connectorPlugins are the installed connector plugins. + items: + description: ConnectorPluginStatus defines the state of the connector + plugin. + properties: + class: + description: class specifies the class name of the connector + plugin. + type: string + type: + description: type is the connector plugin type, which can be + `SOURCE`, `SINK` or `UNKNOWN`. + type: string + version: + description: version is the current version of the connector + plugin. + type: string + required: + - class + type: object + type: array + connectorTLSFilePaths: + description: connectorTLSFilePaths are the connector TLS file paths. + items: + description: CustomTLSFilePathStatus specifies the file paths of + the custom TLS certificates. + properties: + jksPasswordPath: + description: jksPasswordPath contains the absolute path of the + `jksPassword.txt` file. 
+ type: string + keyStorePath: + description: keyStorePath contains the absolute path of the + keystore file, `.jks` or `.p12`. + type: string + trustStorePath: + description: trustStorePath contains the absolute path of the + truststore file, `.jks` or `.p12`. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + groupID: + description: groupID is the group id of the Connect cluster. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Connect + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterID: + description: clusterID specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. 
+ format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST configuration of the Connect cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_controlcenters.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..07f5cd1 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,5299 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ControlCenter is the schema for the Control Center API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Control Center cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: ldap specifies the configuration for Control Center + LDAP authentication. + properties: + debug: + description: debug enables basic authentication debug logs + for JaaS configuration. + type: boolean + property: + additionalProperties: + type: string + description: property is a map of string key and value pairs + that specifies the LDAP configuration. Use a secret object + to pass username/password. + type: object + x-kubernetes-map-type: granular + restrictedRoles: + description: restrictedRoles specify the restricted access + roles. 
+ items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + items: + type: string + minItems: 1 + type: array + secretRef: + description: 'secretRef references the secret to pass required + credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#ldap-authentication-for-c3' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication type of the Control + Center. Valid options are `basic`, `ldap`, and `mtls`. + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configurations. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Control Center. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. 
+ items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data size for the persistent + volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specify the dependencies configurations. + properties: + connect: + description: connect defines the Connect worker dependency configurations. + items: + description: ControlCenterConnectDependency defines the Connect + dependency settings. + properties: + authentication: + description: authentication specifies the authentication + configuration for the Connect cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to + pass the basic credential through a directory + path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be + only reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. 
+ items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name specifies the Connect cluster name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls specifies the client-side TLS setting for + the Connect cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Connect + cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: kafka defines the Kafka dependency configurations. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: ksqldb defines the ksqlDB dependency configurations. + items: + description: ControlCenterKSQLDependency defines the ksqlDB + dependency settings. + properties: + advertisedUrl: + description: advertisedUrl specifies the advertised URL + to use in the browser. + minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: authentication specifies the authentication + for the ksqlDB cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to + pass the basic credential through a directory + path in the container. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be + only reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name specifies the ksqlDB cluster name. + minLength: 1 + type: string + tls: + description: tls specifies the client-side TLS setting for + the ksqlDB cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the ksqlDB + cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: mds defines the RBAC dependency configurations. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. 
+ enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry defines the Schema Registry dependency + configurations. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + defines the Schema Registry dependency List. + properties: + authentication: + description: authentication specifies the authentication + for the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for + basic authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows + to pass the basic credential through a directory + path in the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will + be only reflected in Control Center. This + configuration is ignored on the client side + configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the + server side only. This configuration is ignored + on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference + to pass the required credentials. 
More info: + https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` + and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: name defines the Schema Registry cluster + name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls defines the client-side TLS setting + for the Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS + configuration for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the + Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name + of the secret containing the JKS password. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the external access configuration + for the Control Center cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + advertisedURL: + description: 'advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to: `://.` + where podId starts from `0` to `replicaCount -1`. This is + only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster.' + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs. It specifies Kubernetes annotations for the load + balancer service. 
+ type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. 
If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. 
+ properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to `://:, + where`podId` starts from `0` to `replicaCount - 1`. This + is only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster. + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the node + port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. 
+ enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. 
This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. 
The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the route + services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. 
It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + id: + description: id specifies the prefix used for this instance of Control + Center when multiple instances of Control Center co-exist. + format: int32 + type: integer + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. 
+ type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + internalTopicReplicatorFactor: + description: internalTopicReplicationFactor specifies the replication + factor for internal topics. + format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: mail specifies the settings that control the SMTP server + and account used when an alert triggers an email action. + properties: + authentication: + description: authentication specifies the authentication for SMTP. + SMP only supports basic authentication. For other types of authentication, + use the config overrides capability. 
+ properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for + the REST API client. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: checkServerIdentity forces validation of server’s + certificate when using STARTTLS or SSL. + type: boolean + hostname: + description: hostname is the hostname of the outgoing SMTP server. + minLength: 1 + type: string + mailBounceAddress: + description: mailBounceAddress is the override for the `mailFrom` + config to send message. + minLength: 1 + type: string + mailFrom: + description: mailFrom is the originating address for emails sent + from the Control Center. 
+ minLength: 1 + type: string + port: + description: port is the SMTP port open on the hostname. + format: int32 + type: integer + startTLSRequired: + description: startTLSRequired forces using STARTTLS. + type: boolean + required: + - hostname + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: monitoringKafkaClusters specify the configurations for + the Kafka clusters that this Control Center monitors. + items: + description: MonitoringKafkaClusters defines the configuration of + the additional Kafka clusters the Control Center monitors. + properties: + authentication: + description: authentication defines the authentication for the + Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. 
+ minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform component + is running. The default value is the namespace where CFK + is running. + type: string + secretRef: + description: secretRef is the name of the secret used to + discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: name defines the Kafka cluster name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to + ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. 
May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
+ properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. 
If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. 
YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. 
The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. 
Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. 
"ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + name: + description: name is the Control Center cluster name. + type: string + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. 
+ format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. 
Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. 
- ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + storageClass: + description: storageClass references the user-provided storage class. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of the Control Center cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. 
+ items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + controlCenterName: + description: name is the name of the Control Center cluster. + type: string + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + id: + description: id is the identifier of the Control Center cluster. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Control + Center cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. 
+ type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterID: + description: clusterID specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the Control + Center cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. 
+ type: string + required: + - id + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestclasses.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..b94c938 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,381 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestClass is the schema for the Kafka REST API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaRestClass. + properties: + kafkaClusterRef: + description: kafkaClusterRef specifies the name of the Kafka cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. 
+ type: string + required: + - name + type: object + kafkaRest: + description: kafkaRest specifies the Kafka REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get the + cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. 
More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + secondaryKafkaClusterRef: + description: secondaryKafkaClusterRef specifies the name of the secondary + Kafka cluster when using centralized RBAC. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + secondaryKafkaRest: + description: secondaryKafkaRest specifies the secondary Kafka REST + API configuration when using centralized RBAC. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. 
+ items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get the + cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. 
+ properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + status: + description: status defines the observed state of the KafkaRestClass. + properties: + conditions: + description: conditions are the latest available observed state of + the kafkaRestClass. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + endpoint: + description: endpoint specifies the Kafka REST API / MDS endpoint. 
+ type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of the Kafka cluster. + If using centralized RBAC and kafkaRestClass is for the secondary + Kafka cluster, it will be the cluster id of the secondary Kafka + cluster. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestproxies.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestproxies.yaml new file mode 100644 index 0000000..f5896f2 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkarestproxies.yaml 
@@ -0,0 +1,4936 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestproxies.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: kafkarestproxies.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestProxy + listKind: KafkaRestProxyList + plural: kafkarestproxies + shortNames: + - kafkarestproxy + - krp + singular: kafkarestproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaRestProxy is the schema for the Kafka REST Proxy API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaRestProxy cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations + for the KafkaRestProxy cluster. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the RBAC configuration for the + KafkaRestProxy cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. 
+ minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the KafkaRestProxy cluster. A + change will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: dependencies specifies the dependency configurations + for Kafka, Interceptor, Schema Registry, and the MDS. + properties: + interceptor: + description: interceptor specifies the interceptor dependency + configuration. + properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. 
+ properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. 
More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. + type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. 
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. 
+ minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configuration. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the Schema Registry dependency + configuration. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. 
+ properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the external access configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. + properties: + advertisedURL: + description: 'advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to: `://.` + where podId starts from `0` to `replicaCount -1`. This is + only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster.' 
+ properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs. It specifies Kubernetes annotations for the load + balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. 
+ Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to `://:, + where`podId` starts from `0` to `replicaCount - 1`. This + is only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster. 
+ properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the node + port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). 
+ Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the route + services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the Confluent + component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. 
+ enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. 
+ enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. 
+ type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". 
If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. 
If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. 
\n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." 
+ properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. 
When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. 
+ format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. 
Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. 
- ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the KafkaRestProxy + cluster. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the KafkaRestProxy cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the KafkaRestProxy + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + metricPrefix: + description: metricPrefix is the prefix for the JMX metric of the + KafkaRestProxy. + type: string + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. 
+ properties: + clusterID: + description: clusterID specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the KafkaRestProxy. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + 
diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkas.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkas.yaml
new file mode 100644
index 0000000..7471d6b
--- /dev/null
+++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkas.yaml
@@ -0,0 +1,7154 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Kafka is the schema for the Kafka API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Kafka cluster. + properties: + authorization: + description: authorization specifies the authorization configuration. 
+ properties: + superUsers: + description: superUsers specify the super users to give the admin + privilege on the Kafka Cluster. This list takes the format as + `User:` + items: + type: string + type: array + type: + description: type specifies the authorization type. The valid + options are `rbac` and `simple`. + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Kafka cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the persistent volume capacity + for the Kafka cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specify the Kafka dependencies, such as + Zookeeper and centralized MDS. + properties: + kafkaRest: + description: kafkaRest provides the REST client configuration + for the MDS when RBAC is enabled. + properties: + authentication: + description: authentication specifies the authentication for + the Kafka REST API. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies where the Confluent Kafka + REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: tls specifies the client-side TLS configuration + to connect to the Kafka REST API. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the dependency configuration for the + primary MDS. + properties: + endpoint: + description: endpoint defines the primary Kafka cluster boostrap + endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: kafka specifies the dependency configuration + for Kafka cluster. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: tls specifies the TLS configuration for the primary + MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token key pair for + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the dependency configuration + for the Schema Registry cluster. 
+ properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + zookeeper: + description: zookeeper specifies the dependency configuration + for Zookeeper. + properties: + authentication: + description: authentication specifies the client side authentication + configuration of Zookeeper for Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + discovery: + description: discovery specifies the capability to discover + the Zookeeper cluster. 
+ properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: endpoint specifies the Zookeeper endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: tls specifies the TLS configuration of Zookeeper + for Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + identityProvider: + description: identityProvider specifies the identity provider configuration. + It is only required for the Kafka authentication type `ldap`. When + the MDS is enabled, this property is ignored, and the LDAP configuration + in `spec.services.mds.provider` will be used. + properties: + ldap: + description: ldap defines the LDAP service configuration. + properties: + address: + description: address defines the LDAP server address. + type: string + authentication: + description: LdapAuthentication specifies the LDAP authentication + configuration. + properties: + simple: + description: simple specifies simple authentication configuration + for the LDAP. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer defines the + directory path in the container where the credentials + are mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the + secret that contains the credentials. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type defines the authentication method for + LDAP. Valid options are `simple` and `mtls`. + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: configurations defines the LDAP configurations + for Confluent RBAC. + properties: + groupMemberAttribute: + description: groupMemberAttribute specifies the LDAP group + member attribute. + minLength: 1 + type: string + groupMemberAttributePattern: + description: groupMemberAttributePattern specifies the + regular expression pattern for the LDAP group member + attribute. + minLength: 1 + type: string + groupNameAttribute: + description: groupNameAttribute specifies the LDAP group + name attribute. + minLength: 1 + type: string + groupObjectClass: + description: groupObjectClass specifies the LDAP group + object class. + minLength: 1 + type: string + groupSearchBase: + description: groupSearchBase specifies the LDAP search + base for the group-based search. + minLength: 1 + type: string + groupSearchFilter: + description: groupSearchFilter specifies the LDAP search + filter for the group-based search. + minLength: 1 + type: string + groupSearchScope: + description: groupSearchScope specifies the LDAP search + scope for the group-based search. + format: int32 + type: integer + userMemberOfAttributePattern: + description: userMemberOfAttributePattern specifies the + regular expression pattern for the LDAP user member + attribute. 
+ minLength: 1 + type: string + userNameAttribute: + description: userNameAttribute specifies the LDAP username + attribute. + minLength: 1 + type: string + userObjectClass: + description: userObjectClass specifies the LDAP user object + class. + minLength: 1 + type: string + userSearchBase: + description: userSearchBase specifies the LDAP search + base for the user-based search. + minLength: 1 + type: string + userSearchFilter: + description: userSearchFilter specifies the LDAP search + filter for the user-based search. + minLength: 1 + type: string + userSearchScope: + description: userSearchScope specifies the LDAP search + scope for the user-based search. + format: int32 + type: integer + type: object + tls: + description: tls specifies the TLS configuration for the LDAP. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + description: type defines the identity provider type. The valid + option is `ldap`. + enum: + - ldap + type: string + required: + - ldap + - type + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. 
+ type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: listeners specify the listeners configurations. + properties: + custom: + description: custom defines the list of KafkaCustomListener. + items: + description: KafkaCustomListener defines the Kafka custom listener. + properties: + authentication: + description: authentication specifies the authentication + configuration for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. 
+ More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, `mtls`, + and `ldap`. + enum: + - plain + - digest + - mtls + - ldap + type: string + required: + - type + type: object + externalAccess: + description: externalAccess defines the external access + configuration for the Kafka cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create Kubernetes load balancer services. + properties: + advertisedPort: + description: advertisedPort specifies the advertised + port for Kafka external access. If not configured, + it will be the same as the listener port. Information + about the advertised port can be retrieved through + the status API. 
+ format: int32 + type: integer + annotations: + additionalProperties: + type: string + description: annotations is a map of string key + and value pairs. It specifies Kubernetes annotations + for the load balancer service. + type: object + x-kubernetes-map-type: granular + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The + default value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will + be added as `brokerPrefix.domain`. The default + value is `b`, such as `b#.domain` where `#` starts + from `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the + external traffic policy for the service. Valid + options are `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. 
When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service + requires one. If this field is specified + when creating a Service which does not need + it, creation will fail. This field will + be wiped when updating a Service to no longer + need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. 
`ClientIP` enables the client IP-based + session affinity. The default value is `None`. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to + create Kubernetes node port services. + properties: + advertisedURL: + description: advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to `://:, where`podId` starts from `0` to + `replicaCount - 1`. This is only recommended if + you cannot add internal SANs to the TLS certificates + for MDS and the external DNS must be resolved + inside the Kubernetes cluster. + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. + type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` + where `#` will start from `0` to `replicaCount + -1`. 
+ minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key + and value pairs that contains Kubernetes annotations + for the node port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the + external traffic policy for the service. Valid + options are `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go + in ascending order with respect to the replicas + count. NodePort service creation fails if the + node port is not in the range supported by the + Kubernetes API server. The default Kubernetes + Node Port range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided + service port(s). For Kafka with the nodePort type, + this setting is only applied to Kafka bootstrap + service. + items: + description: ServicePort contains information + on service's port. + properties: + appProtocol: + description: The application protocol for + this port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per + RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within + the service. This must be a DNS_LABEL. All + ports within a ServiceSpec must have unique + names. When considering the endpoints for + a Service, this must match the 'name' field + in the EndpointPort. Optional if only one + ServicePort is defined on this service. 
+ type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service + requires one. If this field is specified + when creating a Service which does not need + it, creation will fail. This field will + be wiped when updating a Service to no longer + need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed + by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. If this is + a string, it will be looked up as a named + port in the target Pod''s container ports. + If this is not specified, the value of the + ''port'' field is used (an identity map). + This field is ignored for services with + clusterIP=None, and should be omitted or + set equal to the ''port'' field. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the + configurations of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + route services in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key + and value pairs that contains Kubernetes annotations + for the route services. + type: object + x-kubernetes-map-type: granular + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The + default value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will + be added as `brokerPrefix.domain`. The default + value is `b`, such as `b#.domain` where `#` starts + from `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name of + the Confluent component cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define + a route that covers all hosts within a domain. + Valid options are `Subdomain` and `None`. The + default value is `None`. 
+ enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: staticForHostBasedRouting enables external + access by doing host based routing through the SNI + capability. With this schema, CFK only configures + Kafka advertised listeners, and no Kubernetes external + service is created. + properties: + brokerPrefix: + description: brokerPrefix specifies the prefix for + the broker advertised endpoints and are added + as `brokerPrefix.domain`. If not configured, it + will add `b` as a prefix, such as `b#.domain` + where `#` will start from `0` to the replicas + count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name for + the Kafka cluster. + minLength: 1 + type: string + port: + description: port specifies the port to be used + in the advertised listener for a broker. + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: staticForPortBasedRouting enables external + access by port routing. With this schema, CFK only + configures Kafka advertised listeners, and no Kubernetes + external service is created. + properties: + host: + description: host defines the host name to be used + in the advertised listener for a broker. + minLength: 1 + type: string + portOffset: + description: portOffset specifies the starting port + number. The port numbers go in ascending order + with respect to the replicas count. + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: type specifies the Kubernetes service for + external access. Valid options are `loadBalancer`, + `nodePort`, `route`, `staticForPortBasedRouting`, + and `staticForHostBasedRouting`. 
+ enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: name specifies the name of the custom listener. + `internal`, `external`, and `token` are reserved by CFK + and can't be used for this property. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: port binds the given port to the custom listener. + Port numbers lower than `9093` are reserved by CFK. + format: int32 + minimum: 9093 + type: integer + tls: + description: tls specifies the TLS configuration for the + listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are mounted. + `truststore.jks` is not configured and can be ignored + when the `ignoreTrustStoreConfig` field is set to + `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: + https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: external specifies the Kafka external listener. + properties: + authentication: + description: authentication specifies the authentication configuration + for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, `mtls`, and + `ldap`. 
+ enum: + - plain + - digest + - mtls + - ldap + type: string + required: + - type + type: object + externalAccess: + description: externalAccess defines the external access configuration + for the Kafka cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create Kubernetes load balancer services. + properties: + advertisedPort: + description: advertisedPort specifies the advertised + port for Kafka external access. If not configured, + it will be the same as the listener port. Information + about the advertised port can be retrieved through + the status API. + format: int32 + type: integer + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs. It specifies Kubernetes annotations + for the load balancer service. + type: object + x-kubernetes-map-type: granular + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The default + value is the Kafka cluster name. + minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will be + added as `brokerPrefix.domain`. The default value + is `b`, such as `b#.domain` where `#` starts from + `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + servicePorts: + description: servicePorts specify the user-provided + service port(s). 
+ items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + Kubernetes node port services. + properties: + advertisedURL: + description: advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount + - 1`. 
This is only recommended if you cannot add + internal SANs to the TLS certificates for MDS and + the external DNS must be resolved inside the Kubernetes + cluster. + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. + type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` where + `#` will start from `0` to `replicaCount -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the node port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. 
Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). 
This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + route services in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the route services. + type: object + x-kubernetes-map-type: granular + bootstrapPrefix: + description: bootstrapPrefix specifies the prefix + for the Kafka bootstrap advertised endpoint and + will be added as `bootstrapPrefix.domain`. The default + value is the Kafka cluster name. 
+ minLength: 1 + type: string + brokerPrefix: + description: brokerPrefix specifies the prefix for + the Kafka broker advertised endpoint and will be + added as `brokerPrefix.domain`. The default value + is `b`, such as `b#.domain` where `#` starts from + `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name of the + Confluent component cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: staticForHostBasedRouting enables external + access by doing host based routing through the SNI capability. + With this schema, CFK only configures Kafka advertised + listeners, and no Kubernetes external service is created. + properties: + brokerPrefix: + description: brokerPrefix specifies the prefix for + the broker advertised endpoints and are added as + `brokerPrefix.domain`. If not configured, it will + add `b` as a prefix, such as `b#.domain` where `#` + will start from `0` to the replicas count. + minLength: 1 + type: string + domain: + description: domain specifies the domain name for + the Kafka cluster. + minLength: 1 + type: string + port: + description: port specifies the port to be used in + the advertised listener for a broker. + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: staticForPortBasedRouting enables external + access by port routing. With this schema, CFK only configures + Kafka advertised listeners, and no Kubernetes external + service is created. + properties: + host: + description: host defines the host name to be used + in the advertised listener for a broker. 
+ minLength: 1 + type: string + portOffset: + description: portOffset specifies the starting port + number. The port numbers go in ascending order with + respect to the replicas count. + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: type specifies the Kubernetes service for + external access. Valid options are `loadBalancer`, `nodePort`, + `route`, `staticForPortBasedRouting`, and `staticForHostBasedRouting`. + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration for the listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: internal specifies the internal listener. + properties: + authentication: + description: authentication specifies the authentication configuration + for the listener. + properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another + way to provide JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, `mtls`, and + `ldap`. 
+ enum: + - plain + - digest + - mtls + - ldap + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration for the listener. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + metricReporter: + description: metricsReporter specifies the configuration of the metric + reporter. The metric reporter is enabled by default. If authentication + and TLS are not set, the metrics reporter uses internal listener's + authentication and TLS . 
+ properties: + authentication: + description: authentication specifies the Kafka client-side authentication + configuration. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side JaaS + configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way to + provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are + mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism to + provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. 
Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + enabled: + description: enabled specifies whether to enable or disable the + metric reporter. + type: boolean + replicationFactor: + description: replicationFactor specifies the number of replicas + in the metric topic. + format: int32 + type: integer + tls: + description: tls specifies the Kafka client-side TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". 
If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. 
If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. 
\n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." 
+ properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. 
When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + passwordEncoder: + description: passwordEncoder specifies password encoder secret for + Kafka. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer contains the directory + path in the container where the required secret is mounted. + Directory should have the file `password-encoder.txt`. The contents + should include a new password. Old password is optional and + required only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.' + type: string + secretRef: + description: 'secretRef specifies the secret name. The secret + should have the key `password-encoder.txt`. The contents should + include a new password. Old password is optional and required + only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. 
Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. 
This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. 
+ Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. 
Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. 
- + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + rackAssignment: + description: rackAssignment specifies the rack awareness capability + of the Kafka cluster. + properties: + availabilityZoneCount: + description: availabilityZoneCount configures `broker.rack` with + the formula (`pod_id % azCount`). This is mainly for backwards + compatibility with Operator 1.x. + format: int32 + type: integer + nodeLabels: + description: nodeLabels use the Kubernetes node API to retrieve + the label values to be used in `broker.rack`. This feature requires + CFK to run with the cluster-level access. + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + services: + description: services specify the supported Kafka services. + properties: + kafkaRest: + description: kafkaRest specifies the embedded REST API server + configuration. 
+ properties: + authentication: + description: authentication specifies the REST API server + authentication configuration. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API server. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: externalAccess specifies the external access + configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create a Kubernetes load balancer service. + properties: + advertisedURL: + description: 'advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. 
If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to: `://.` + where podId starts from `0` to `replicaCount -1`. + This is only recommended if you cannot add internal + SANs to the TLS certificates for MDS and the external + DNS must be resolved inside the Kubernetes cluster.' + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. + type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` where + `#` will start from `0` to `replicaCount -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs. It specifies Kubernetes annotations + for the load balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for + the client consumption. If not configured, the same + internal/external port is configured for the component. + Information about the port can be retrieved through + the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given + domain. The default value is the name of the cluster. 
+ minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + a Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. 
If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount + - 1`. This is only recommended if you cannot add + internal SANs to the TLS certificates for MDS and + the external DNS must be resolved inside the Kubernetes + cluster. + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. + type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` where + `#` will start from `0` to `replicaCount -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the node port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. 
+ items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + a route service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the route services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the + Confluent component cluster. 
+ minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix + when configured for the domain. The default value + is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service + for the component. Valid options are `loadBalancer`, + `nodePort`, and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: tls specifies the TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS server configuration. + properties: + authentication: + description: authentication specifies the MDS server authentication + configuration. + properties: + type: + description: type defines the MDS authentication type. + The valid option is `bearer`. + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: externalAccess specifies the external access + configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration + to create a Kubernetes load balancer service. + properties: + advertisedURL: + description: 'advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to: `://.` + where podId starts from `0` to `replicaCount -1`. + This is only recommended if you cannot add internal + SANs to the TLS certificates for MDS and the external + DNS must be resolved inside the Kubernetes cluster.' + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. 
+ type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` where + `#` will start from `0` to `replicaCount -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs. It specifies Kubernetes annotations + for the load balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the + source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for + the client consumption. If not configured, the same + internal/external port is configured for the component. + Information about the port can be retrieved through + the status API. + format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given + domain. The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided + service port(s). + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. 
+ type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create + a Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration + for advertised listener per pod. It is only supported + for MDS currently. If it is enabled, instead of + using internal endpoint, the MDS advertised listener + for each broker will be set to `://:, where`podId` starts from `0` to `replicaCount + - 1`. This is only recommended if you cannot add + internal SANs to the TLS certificates for MDS and + the external DNS must be resolved inside the Kubernetes + cluster. + properties: + enabled: + description: enabled indicates whether to set + the MDS advertised listener url with external + endpoint for each broker. 
+ type: boolean + prefix: + description: prefix specifies the broker prefix + for MDS advertised endpoint if using loadBalancer + external access. If not configured, it uses + `b` as default prefix, such as `b#.domain` where + `#` will start from `0` to `replicaCount -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the node port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are + `Local` and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting + offset of the node ports. The port numbers go in + ascending order with respect to the replicas count. + NodePort service creation fails if the node port + is not in the range supported by the Kubernetes + API server. The default Kubernetes Node Port range + is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service + port(s). For Kafka with the nodePort type, this + setting is only applied to Kafka bootstrap service. + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type is NodePort + or LoadBalancer. Usually assigned by the + system. If a value is specified, in-range, + and not in use it will be used, otherwise + the operation will fail. If not specified, + a port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes + session affinity. The valid options are `ClientIP` + and `None`. `ClientIP` enables the client IP-based + session affinity. The default value is `None`. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the + seconds of ClientIP type session sticky + time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create + a route service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and + value pairs that contains Kubernetes annotations + for the route services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the + Confluent component cluster. + minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix + when configured for the domain. The default value + is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a + route that covers all hosts within a domain. Valid + options are `Subdomain` and `None`. 
The default + value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service + for the component. Valid options are `loadBalancer`, + `nodePort`, and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + description: provider specifies the identity provider configuration. + properties: + ldap: + description: ldap defines the LDAP service configuration. + properties: + address: + description: address defines the LDAP server address. + type: string + authentication: + description: LdapAuthentication specifies the LDAP + authentication configuration. + properties: + simple: + description: simple specifies simple authentication + configuration for the LDAP. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines + the directory path in the container where + the credentials are mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name + of the secret that contains the credentials. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type defines the authentication method + for LDAP. Valid options are `simple` and `mtls`. + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: configurations defines the LDAP configurations + for Confluent RBAC. + properties: + groupMemberAttribute: + description: groupMemberAttribute specifies the + LDAP group member attribute. + minLength: 1 + type: string + groupMemberAttributePattern: + description: groupMemberAttributePattern specifies + the regular expression pattern for the LDAP + group member attribute. + minLength: 1 + type: string + groupNameAttribute: + description: groupNameAttribute specifies the + LDAP group name attribute. 
+ minLength: 1 + type: string + groupObjectClass: + description: groupObjectClass specifies the LDAP + group object class. + minLength: 1 + type: string + groupSearchBase: + description: groupSearchBase specifies the LDAP + search base for the group-based search. + minLength: 1 + type: string + groupSearchFilter: + description: groupSearchFilter specifies the LDAP + search filter for the group-based search. + minLength: 1 + type: string + groupSearchScope: + description: groupSearchScope specifies the LDAP + search scope for the group-based search. + format: int32 + type: integer + userMemberOfAttributePattern: + description: userMemberOfAttributePattern specifies + the regular expression pattern for the LDAP + user member attribute. + minLength: 1 + type: string + userNameAttribute: + description: userNameAttribute specifies the LDAP + username attribute. + minLength: 1 + type: string + userObjectClass: + description: userObjectClass specifies the LDAP + user object class. + minLength: 1 + type: string + userSearchBase: + description: userSearchBase specifies the LDAP + search base for the user-based search. + minLength: 1 + type: string + userSearchFilter: + description: userSearchFilter specifies the LDAP + search filter for the user-based search. + minLength: 1 + type: string + userSearchScope: + description: userSearchScope specifies the LDAP + search scope for the user-based search. + format: int32 + type: integer + type: object + tls: + description: tls specifies the TLS configuration for + the LDAP. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys + are mounted. `truststore.jks` is not configured + and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS + configuration for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates + whether to ignore the truststore configuration + for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret + containing the JKS password. + properties: + secretRef: + description: 'secretRef references the name + of the secret containing the JKS password. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret + containing the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + description: type defines the identity provider type. + The valid option is `ldap`. + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: tls specifies the TLS configuration. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token key pair for + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: storageClass specifies the user-provided storage class. + If not configured, it will use the default storage class. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. 
The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the global-level TLS configuration which + can be used by listeners and services. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of the Kafka cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. 
+ type: string + brokerIdOffset: + description: brokerIdOffset is the broker id offset of the Kafka cluster. + format: int32 + type: integer + clusterID: + description: clusterID is the ID of the Kafka cluster. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. 
+ items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + client: + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + description: listeners is a map for the status of Kafka Listeners. + type: object + x-kubernetes-map-type: granular + minISR: + description: minISR is the minimum number of in sync replicas in the + Kafka cluster. + format: int32 + type: integer + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + replicationFactor: + description: replicationFactor is the replication factor of the topics + in the Kafka cluster. + format: int32 + type: integer + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. 
+ type: string + services: + additionalProperties: + description: ListenerStatus describes general information about + the listeners. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + description: services is a map for the Kafka services. + type: object + x-kubernetes-map-type: granular + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkatopics.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..af013e4 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,312 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.partitionCount + name: Partition + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.kafkaClusterID + name: ClusterID + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafkaCluster + name: KafkaCluster + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KafkaTopic is the schema for the Kafka Topic API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the KafkaTopic. 
+ properties: + configs: + additionalProperties: + type: string + description: 'configs is a map of string key and value pairs that + are used to pass the configuration settings for the topic. More + info: https://docs.confluent.io/current/installation/configuration/topic-configs.html.' + type: object + x-kubernetes-map-type: granular + kafkaClusterRef: + description: kafkaClusterRef specifies the name of the Kafka cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + kafkaRest: + description: kafkaRest specifies the Kafka REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get the + cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + defines Kafka REST API connection information. + properties: + name: + description: name specifies the name of the KafkaRestClass application + resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + name: + description: name specifies the topic name. If not configured, the + KafkaTopic CR name is used as the topic name. + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: partitionCount specifies the number of partitions for + the topic. If not configured, it will be defaulted to the partition + count that Kafka REST V3 API supports. + format: int32 + type: integer + replicas: + description: replicas specifies the replication factor for the topic. + If not configured, it will be defaulted to the replication factor + that Kafka REST V3 API supports. + format: int32 + type: integer + type: object + status: + description: status defines the observed state of the KafkaTopic. + properties: + conditions: + description: conditions are the latest available observed states of + the topic. 
+ items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + kafkaCluster: + type: string + kafkaClusterID: + description: kafkaClusterID is the id of the Kafka cluster. + type: string + kafkaRestEndpoint: + description: kafkaRestEndpoint is the endpoint of the Kafka REST API. + type: string + partitionCount: + description: partitionCount is the partition count of the topic. + format: int32 + type: integer + replicas: + description: replicas is the replication factor of the topic. + format: int32 + type: integer + state: + description: state is the state of the topic. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_ksqldbs.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..c3525fd --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,4962 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KsqlDB is the schema for the ksqlDB API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the ksqlDB cluster. + properties: + authentication: + description: authentication specifies whether authentication is needed + when accessing the ksqlDB cluster. 
+ properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the RBAC configuration for the + ksqlDB cluster. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. + minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. 
+ type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the ksqlDB cluster. A change will + roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data volume for the + ksqlDB cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: dependencies specifies the dependency configurations + for Kafka, Interceptor, Schema Registry, and the MDS. + properties: + interceptor: + description: interceptor specifies the interceptor dependency + configuration. + properties: + configs: + description: configs describe the configurations for the Confluent + Platform interceptor. The config override feature can be + used to pass the configuration settings. + items: + type: string + type: array + consumer: + description: consumer specifies the consumer configuration + for the interceptor. 
If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. 
More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. 
+ type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: enabled indicates whether the Confluent Platform + interceptor is enabled or disabled. + type: boolean + producer: + description: producer specifies the producer configuration + for the interceptor. If not configured, it uses the Kafka + dependency configuration. + properties: + authentication: + description: authentication defines the authentication + for the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret + containing the required credentials. More info: + https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another + way to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies + the directory path in the container where required + credentials are mounted. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret + containing the required credentials for authentication. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies + the directory path in the container where the + credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of + the secret that contains the credential. More + info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, + `digest`, and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for + the Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where `keystore.jks`, + `truststore.jks`, and `jksPassword.txt` keys are + mounted. `truststore.jks` is not configured and + can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of + the secret containing the JKS password. More + info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. 
+ properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. 
+ enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configuration. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: schemaRegistry specifies the Schema Registry dependency + configuration. + properties: + authentication: + description: authentication specifies the authentication for + the Schema Registry cluster. + properties: + basic: + description: basic specifies the configuration for basic + authentication. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme + for the REST API client. Valid options are `basic` and + `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: tls defines the client-side TLS setting for the + Schema Registry cluster. 
+ properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: url specifies the URL endpoint of the Schema + Registry cluster. + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: externalAccess specifies the configurations for the endpoints + and services to make the ksqlDB accessible from outside the cluster. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. 
+ properties: + advertisedURL: + description: 'advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to: `://.` + where podId starts from `0` to `replicaCount -1`. This is + only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster.' + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs. It specifies Kubernetes annotations for the load + balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. 
+ format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. 
If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to `://:, + where`podId` starts from `0` to `replicaCount - 1`. This + is only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster. + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the node + port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. 
+ items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the route + services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the Confluent + component cluster. 
+ minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. 
+ pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + internalTopicReplicationFactor: + description: internalTopicReplicationFactor specifies the replication + factor for internal topics. + format: int32 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. 
+ properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. 
The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. 
Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. 
"ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. 
+ format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. 
Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. 
- ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + storageClass: + description: storageClass specifies the storage class used for creating + the PVC for the ksqlDB cluster. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the ksqlDB cluster. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: status defines the observed state of ksqlDB Server. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. 
+ items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the ksqlDB + cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. 
+ type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterID: + description: clusterID specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the ksqlDB + cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. + type: string + serviceID: + description: serviceID is the id of the ksqlDB service. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_migrationjobs.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..323bfbf --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,760 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MigrationJob is the schema for the MigrationJob API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the MigrationJob. + properties: + blockReconcile: + description: blockReconcile specifies whether to block the reconciling + process. + type: boolean + connect: + description: connect specifies the migration job spec for Connect. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. 
An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. 
+ type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + controlcenter: + description: controlcenter specifies the migration job spec for Control + Center. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + initContainerImage: + description: initContainerImage specifies the image name of the init + container. + minLength: 1 + type: string + kafka: + description: kafka specifies the migration job spec for Kafka. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. 
More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. 
Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + ksqldb: + description: ksqldb specifies the migration job spec for ksqlDB. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. 
+ A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + pullSecretRef: + description: pullSecretRef references a list of the secret names for + pulling Confluent images. + items: + type: string + type: array + replicator: + description: replicator specifies the migration job spec for Replicator. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. 
This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. 
+ minLength: 1 + type: string + required: + - enabled + - name + type: object + schemaRegistry: + description: schemaRegistry specifies the migration job spec for Schema + Registry. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' 
+ type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + skipCleanup: + description: skipCleanup specifies whether to skip the cleanup. + type: boolean + skipRollback: + description: skipRollback specifies whether to skip the rollback. + type: boolean + zookeeper: + description: zookeeper specifies the migration job spec for Zookeeper. + properties: + annotations: + additionalProperties: + type: string + description: 'annotations specify the annotations for the new + resource created. An annotation is an unstructured key value + map stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. annotations are not + queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + configOverrides: + description: configOverrides specify the configuration overrides + for the new resource created. This setting takes precedence + over the default configuration. + properties: + jvm: + description: jvm is a list of JVM configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. 
+ items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add + or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add + or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: enabled indicates whether migration of this component + is enabled. + type: boolean + labels: + additionalProperties: + type: string + description: 'labels specify the labels for the new resource created. + A label is a map of string key and value that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + name: + description: name specifies the name of the component resource + to migrate. It must be unique within a namespace. Note that + the resource will be deleted once the migration is complete. + Required if this component is enabled. + type: string + namespace: + description: namespace specifies the namespace for the component + to migrate. An empty namespace is equivalent to the "default" + namespace, but `default` is the canonical representation. Not + all objects are required to be scoped to a namespace, and the + value of this field for those objects will be empty. + type: string + release: + description: release is the Helm release name for the component. + It is optional for the Kafka and Zookeeper releases. + minLength: 1 + type: string + required: + - enabled + - name + type: object + required: + - initContainerImage + type: object + status: + description: status defines the observed state of the MigrationJob. 
+ properties: + conditions: + description: conditions represents the latest available observations + of the migration job. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + connect: + description: connect is the migration state of Connect. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + controlcenter: + description: controlcenter is the migration state of Control Center. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + kafka: + description: kafka is the migration state of Kafka. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + ksqldb: + description: ksqldb is the migration state of ksqlDB. + properties: + message: + description: message is the message for migration. 
+ type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + phase: + description: phase is the state of the migration job. + type: string + replicator: + description: replicator is the migration state of Replicator. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: schemaRegistry is the migration state of Schema Registry. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + zookeeper: + description: zookeeper is the migration state of Zookeeper. + properties: + message: + description: message is the message for migration. + type: string + phase: + description: phase is the migration state. + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaexporters.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaexporters.yaml new file mode 100644 index 0000000..63542ba --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaexporters.yaml 
@@ -0,0 +1,497 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaexporters.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: schemaexporters.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaExporter + listKind: SchemaExporterList + plural: schemaexporters + shortNames: + - se + - schemaexporter + singular: schemaexporter + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.contextName + name: ContextName + type: string + - jsonPath: .status.exporterStatus + name: ExporterStatus + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.sourceSchemaRegistry.endpoint + name: SourceSchemaRegistryEndpoint + priority: 1 + type: string + - jsonPath: .status.destinationSchemaRegistry.endpoint + name: DestinationSchemaRegistryEndpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SchemaExporter is the schema for the SchemaExporter API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the schema exporter. + properties: + configs: + additionalProperties: + type: string + description: 'configs is a map of string key and value pairs. It specifies + additional configurations for the schema exporter. More info: https://docs.confluent.io/platform/current/schema-registry/schema-linking-cp.html#create-a-configuration-file-for-the-exporter' + type: object + x-kubernetes-map-type: granular + contextName: + description: contextName specifies the custom context name in the + destination Schema Registry cluster where the schemas will be exported. + If this is defined, contextType will be ignored. If this is not + defined, schemas will be exported to context in destination based + on contextType. + type: string + contextType: + description: contextType specifies the type of context created in + the destination Schema Registry cluster of the schema exporter. + Valid options are `AUTO` and `NONE`. The default value is `AUTO`. + enum: + - AUTO + - NONE + type: string + destinationCluster: + description: destinationCluster specifies the destination Schema Registry + cluster. If this is not defined, sourceCluster is chosen as the + destination and the schema exporter will be exporting schemas across + contexts within the sourceCluster. Schema exporter should be enabled + in Schema Registry cluster CR with `spec.enableSchemaExporter`. + properties: + schemaRegistryClusterRef: + description: schemaRegistryClusterRef references the CFK-managed + Schema Registry cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. 
+ type: string + required: + - name + type: object + schemaRegistryRest: + description: schemaRegistryRest specifies the Schema Registry + REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication + settings for the REST API client. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication + settings for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. 
More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication + type. Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is + running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get + the cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the + application resources, e.g. connector, topic, schema, of + the Confluent Platform components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that + contains the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that + contains the certificates. 
More info about certificates + key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + sourceCluster: + description: sourceCluster specifies the source Schema Registry cluster. + Schema exporter will be set up in the source cluster. If this is + not defined, controller will try to auto discover Schema Registry + in the namespace of the schema exporter. If it cannot discover a + Schema Registry cluster or more than one Schema Registry clusters + are found, controller will return error. Schema exporter should + be enabled in Schema Registry cluster CR with `spec.enableSchemaExporter`. + properties: + schemaRegistryClusterRef: + description: schemaRegistryClusterRef references the CFK-managed + Schema Registry cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + schemaRegistryRest: + description: schemaRegistryRest specifies the Schema Registry + REST API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication + settings for the REST API client. + properties: + debug: + description: debug enables the basic authentication + debug logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in + the container. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted + roles on the server side only. Changes will be only + reflected in Control Center. This configuration + is ignored on the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server + side only. This configuration is ignored on the + client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to + pass the required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication + settings for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication + type. Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is + running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. 
+ It takes precedence over using the Kafka REST API to get + the cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the + application resources, e.g. connector, topic, schema, of + the Confluent Platform components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that + contains the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that + contains the certificates. More info about certificates + key/value format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + type: object + subjectRenameFormat: + description: subjectRenameFormat specifies the rename format for the + subjects exported to the destination. For example, if the value + is `my-${subject}`, subjects at destination will become `my-firstSubject` + where `firstSubject` is the original subject name. + type: string + subjects: + description: subjects specifies the list of subjects to be exported + by schema exporter. The default value is `["*"]`. This indicates + all subjects in the default context. 
+ items: + type: string + type: array + type: object + status: + description: status defines the observed state of the schema exporter. + properties: + conditions: + description: conditions are the latest available observations of the + schema exporter's state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + contextName: + description: contextName shows the name of the context in the destination + Schema Registry cluster where the schemas will be exported. + type: string + contextType: + description: contextType is the contextType of the schema exporter. + type: string + destinationSchemaRegistry: + description: destinationSchemaRegistry shows the destination Schema + Registry endpoint, authentication type and if it is using TLS. + properties: + authenticationType: + description: authenticationType is the authentication method used + for Schema Registry. + type: string + endpoint: + description: endpoint is the Schema Registry REST endpoint. + type: string + tls: + description: tls shows whether the Schema Registry is using TLS. + type: boolean + type: object + exporterStatus: + description: exporterStatus is the status of the schema exporter. 
+ type: string + sourceSchemaRegistry: + description: sourceSchemaRegistry shows the source Schema Registry + endpoint, authentication type and if it is using TLS. + properties: + authenticationType: + description: authenticationType is the authentication method used + for Schema Registry. + type: string + endpoint: + description: endpoint is the Schema Registry REST endpoint. + type: string + tls: + description: tls shows whether the Schema Registry is using TLS. + type: boolean + type: object + state: + description: state is the current state of the schema exporter. + type: string + subjects: + description: subjects is the list of subjects exported by the schema + exporter. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaregistries.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..11523a4 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,4536 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SchemaRegistry is the schema for the Schema Registry API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Schema Registry cluster. 
+ properties: + authentication: + description: authentication specifies the authentication configurations + for the REST API endpoint. + properties: + basic: + description: basic specifies the configuration for basic authentication. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass the + basic credential through a directory path in the container. + More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on the + client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side only. + This configuration is ignored on the client side configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication scheme for the + REST API server. Valid options are `basic` and `mtls`. + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: authorization specifies the authorization configurations. + properties: + kafkaRestClassRef: + description: kafkaRestClassRef references the KafkaRestClass which + specifies the Kafka REST API connection configuration. + properties: + name: + description: name specifies the name of the KafkaRestClass + application resource. 
+ minLength: 1 + type: string + namespace: + description: namespace specifies the namespace of the KafkaRestClass. + type: string + required: + - name + type: object + type: + description: type specifies the client-side authorization type. + The valid option is `rbac`. + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies the configs to override the + server, JVM, Log4j properties for the Schema Registry cluster. A + change will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. + items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: dependencies specify the dependency configurations for + the Schema Registry. + properties: + kafka: + description: kafka specifies the Kafka dependency configuration. + properties: + authentication: + description: authentication defines the authentication for + the Kafka cluster. + properties: + jaasConfig: + description: jaasConfig specifies the Kafka client-side + JaaS configuration. + properties: + secretRef: + description: 'secretRef references the secret containing + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: jaasConfigPassThrough specifies another way + to provide the Kafka client-side JaaS configuration. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the + directory path in the container where required credentials + are mounted. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing + the required credentials for authentication. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + oauthbearer: + description: oauthbearer is the authentication mechanism + to provider principals. Only supported in RBAC deployment. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the Kafka client authentication + type. Valid options are `plain`, `oauthbearer`, `digest`, + and `mtls`. + enum: + - plain + - oauthbearer + - digest + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap + endpoint. 
+ minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: discovery specifies the capability to discover + the Kafka cluster. + properties: + name: + description: name is the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace is where the Confluent Platform + component is running. The default value is the namespace + where CFK is running. + type: string + secretRef: + description: secretRef is the name of the secret used + to discover the Confluent Platform component. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls defines the client-side TLS setting for the + Kafka cluster. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: mds specifies the MDS dependencies configurations. + properties: + authentication: + description: authentication specifies the client side authentication + configuration for the MDS. + properties: + bearer: + description: bearer specifies the bearer authentication + settings. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the + directory path in the container where the credential + is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the + secret that contains the credential. More info: + https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the authentication method + for the MDS. The valid option is `bearer`. + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: endpoint specifies the MDS endpoint. + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig specifies the TLS configuration + for the Confluent component (dependencies, listeners). + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. 
+ type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether + to ignore the truststore configuration for the Confluent + component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the + secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing + the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: tokenKeyPair specifies the token keypair to configure + the MDS. + properties: + directoryPathInContainer: + description: directoryPathInContainer defines the directory + path in the container where the MDS token key pair are + mounted. + minLength: 1 + type: string + secretRef: + description: secretRef references the name of the secret + that contains the MDS token key pair. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + enableSchemaExporter: + description: enableSchemaExporter enables schema exporter in the Schema + Registry. + type: boolean + externalAccess: + description: externalAccess specifies the external access configuration. + properties: + loadBalancer: + description: loadBalancer specifies the configuration to create + a Kubernetes load balancer service. 
+ properties: + advertisedURL: + description: 'advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to: `://.` + where podId starts from `0` to `replicaCount -1`. This is + only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster.' + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs. It specifies Kubernetes annotations for the load + balancer service. + type: object + x-kubernetes-map-type: granular + domain: + description: domain is the domain name of the component cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: loadBalancerSourceRanges specify the source ranges. + items: + type: string + type: array + port: + description: port specifies the external port for the client + consumption. If not configured, the same internal/external + port is configured for the component. Information about + the port can be retrieved through the status API. 
+ format: int32 + type: integer + prefix: + description: prefix specify the prefix for the given domain. + The default value is the name of the cluster. + minLength: 1 + type: string + servicePorts: + description: servicePorts specify the user-provided service + port(s). + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. 
+ type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - domain + type: object + nodePort: + description: nodePort specifies the configuration to create a + Kubernetes node port service. + properties: + advertisedURL: + description: advertisedURL specifies the configuration for + advertised listener per pod. It is only supported for MDS + currently. 
If it is enabled, instead of using internal endpoint, + the MDS advertised listener for each broker will be set + to `://:, + where`podId` starts from `0` to `replicaCount - 1`. This + is only recommended if you cannot add internal SANs to the + TLS certificates for MDS and the external DNS must be resolved + inside the Kubernetes cluster. + properties: + enabled: + description: enabled indicates whether to set the MDS + advertised listener url with external endpoint for each + broker. + type: boolean + prefix: + description: prefix specifies the broker prefix for MDS + advertised endpoint if using loadBalancer external access. + If not configured, it uses `b` as default prefix, such + as `b#.domain` where `#` will start from `0` to `replicaCount + -1`. + minLength: 1 + type: string + required: + - enabled + type: object + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the node + port service. + type: object + x-kubernetes-map-type: granular + externalTrafficPolicy: + description: externalTrafficPolicy specifies the external + traffic policy for the service. Valid options are `Local` + and `Cluster`. + enum: + - Local + - Cluster + type: string + host: + description: host defines the host name of the cluster. + minLength: 1 + type: string + nodePortOffset: + description: nodePortOffset specifies the starting offset + of the node ports. The port numbers go in ascending order + with respect to the replicas count. NodePort service creation + fails if the node port is not in the range supported by + the Kubernetes API server. The default Kubernetes Node Port + range is `30000` - `32762`. + format: int32 + minimum: 0 + type: integer + servicePorts: + description: servicePorts specify user-provided service port(s). + For Kafka with the nodePort type, this setting is only applied + to Kafka bootstrap service. 
+ items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard service + names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + sessionAffinity: + description: 'sessionAffinity defines the Kubernetes session + affinity. The valid options are `ClientIP` and `None`. `ClientIP` + enables the client IP-based session affinity. The default + value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.' + enum: + - ClientIP + - None + type: string + sessionAffinityConfig: + description: SessionAffinityConfig contains the configurations + of the session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + required: + - host + - nodePortOffset + type: object + route: + description: route specifies the configuration to create a route + service in OpenShift. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value + pairs that contains Kubernetes annotations for the route + services. + type: object + x-kubernetes-map-type: granular + domain: + description: domain specifies the domain name of the Confluent + component cluster. 
+ minLength: 1 + type: string + prefix: + description: prefix specifies the component prefix when configured + for the domain. The default value is the name of the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: wildcardPolicy allows you to define a route that + covers all hosts within a domain. Valid options are `Subdomain` + and `None`. The default value is `None`. + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: type specifies the Kubernetes external service for + the component. Valid options are `loadBalancer`, `nodePort`, + and `route`. + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. + type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. 
+ pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. + type: object + x-kubernetes-map-type: granular + internalTopicReplicatorFactor: + description: internalTopicReplicatorFactor specifies the replication + factor for internal topics. + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. 
+ properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. 
+ properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. 
+ properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. 
The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. 
Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. 
"ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + passwordEncoder: + description: passwordEncoder specifies password encoder secret for + Schema Registry. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer contains the directory + path in the container where the required secret is mounted. + Directory should have the file `password-encoder.txt`. The contents + should include a new password. Old password is optional and + required only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.' + type: string + secretRef: + description: 'secretRef specifies the secret name. The secret + should have the key `password-encoder.txt`. The contents should + include a new password. Old password is optional and required + only for rotation. More info: https://docs.confluent.io/operator/current/co-password-encoder-secret.' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. 
+ type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. 
Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. 
This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. 
+ Setting this field without the feature flag will result + in errors when validating the Pod. All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. 
Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. 
- + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + telemetry: + description: telemetry specifies the Confluent telemetry reporter + configuration. + properties: + global: + description: global allows disabling telemetry configuration. + If CFK is deployed with telemetry, this field is only used to + disable telemetry. The default value is `true` if telemetry + is enabled at the global level. + type: boolean + type: object + tls: + description: tls specifies the TLS configurations for the REST API + endpoint. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. 
`truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: status defines the observed state of the Schema Registry + cluster. + properties: + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + groupId: + description: groupId is the group id of the Schema Registry cluster. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + kafka: + description: kafka is the Kafka client side status for the Schema + Registry cluster. + properties: + authenticationType: + description: authenticationType describes the authentication method + for the Kafka cluster. + type: string + bootstrapEndpoint: + description: bootstrapEndpoint specifies the Kafka bootstrap endpoint. + type: string + tls: + description: tls indicates whether TLS is enabled for the Kafka + dependency. + type: boolean + type: object + metricPrefix: + description: metricPrefix is the prefix for the JMX metric of the + Schema Registry cluster. + type: string + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. 
+ type: string + rbac: + description: rbac contains the RBAC-related status when RBAC is enabled. + properties: + clusterID: + description: clusterID specifies the id of the cluster. + type: string + internalRolebindings: + description: internalRolebindings specifies the internal rolebindings. + items: + type: string + type: array + type: object + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + restConfig: + description: restConfig is the REST API configuration of the Schema + Registry cluster. + properties: + advertisedExternalEndpoints: + description: advertisedExternalEndpoints specifies other advertised + endpoints used, especially for Kafka. + items: + type: string + type: array + authenticationType: + description: authenticationType shows the authentication type + configured by the listener. + type: string + externalAccessType: + description: externalAccessType shows the external access type + used for the listener. + type: string + externalEndpoint: + description: externalEndpoint specifies the external endpoint + to connect to the Confluent component cluster. + type: string + internalEndpoint: + description: internalEndpoint specifies the internal endpoint + to connect to the Confluent component cluster. + type: string + tls: + description: tls shows whether TLS is configured for the listener. + type: boolean + type: object + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_schemas.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemas.yaml new file mode 100644 index 0000000..61ca55d --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_schemas.yaml 
@@ -0,0 +1,452 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemas.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: schemas.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Schema + listKind: SchemaList + plural: schemas + shortNames: + - schema + singular: schema + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.format + name: Format + type: string + - jsonPath: .status.id + name: ID + type: string + - jsonPath: .status.version + name: Version + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.schemaRegistryEndpoint + name: SchemaRegistryEndpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Schema. + properties: + data: + description: data defines the data required to create the schema. 
+ properties: + configRef: + description: configRef is the name of the Kubernetes ConfigMap + resource containing the schema. + minLength: 1 + type: string + format: + description: format is the format type of the encoded schema. + Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + required: + - configRef + - format + type: object + name: + description: name specifies the schema name. If not configured, the + Schema CR name is used as the schema name. + maxLength: 255 + minLength: 1 + pattern: ^[:a-zA-Z0-9_.-]*$ + type: string + schemaReferences: + description: schemaReferences defines the schema references in the + schema data. + items: + description: SchemaReference is the schema to be used as a reference + for the new schema. + properties: + avro: + description: avro is the data for the referenced Avro schema. + properties: + avro: + description: name is the fully qualified name of the referenced + Avro schema. + minLength: 1 + type: string + required: + - avro + type: object + format: + description: format is the format type of the referenced schema. + Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: json is the data for the referenced JSON schema. + properties: + url: + description: url is the referenced JSON schema url. + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: protobuf is the data for the referenced Protobuf + schema. + properties: + file: + description: file is the file name of the referenced Protobuf + schema. + minLength: 1 + type: string + required: + - file + type: object + subject: + description: subject is the subject name for the referenced + schema through the configRef. + minLength: 1 + type: string + version: + description: version is the version type of the referenced schema. 
+ format: int32 + type: integer + required: + - format + - subject + - version + type: object + type: array + schemaRegistryClusterRef: + description: schemaRegistryClusterRef references the CFK-managed Schema + Registry cluster. + properties: + name: + description: name specifies the name of the Confluent Platform + component cluster. + type: string + namespace: + description: namespace specifies the namespace where the Confluent + Platform component cluster is running. + type: string + required: + - name + type: object + schemaRegistryRest: + description: schemaRegistryRest specifies the Schema Registry REST + API configuration. + properties: + authentication: + description: authentication specifies the REST API authentication + mechanism. + properties: + basic: + description: basic specifies the basic authentication settings + for the REST API client. + properties: + debug: + description: debug enables the basic authentication debug + logs for JaaS configuration. + type: boolean + directoryPathInContainer: + description: 'directoryPathInContainer allows to pass + the basic credential through a directory path in the + container. More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + minLength: 1 + type: string + restrictedRoles: + description: restrictedRoles specify the restricted roles + on the server side only. Changes will be only reflected + in Control Center. This configuration is ignored on + the client side configuration. + items: + type: string + minItems: 1 + type: array + roles: + description: roles specify the roles on the server side + only. This configuration is ignored on the client side + configuration. + items: + type: string + type: array + secretRef: + description: 'secretRef defines secret reference to pass + the required credentials. 
More info: https://docs.confluent.io/operator/current/co-authenticate.html#basic-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: bearer specifies the bearer authentication settings + for the REST API client. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where the credential is mounted. + minLength: 1 + type: string + secretRef: + description: 'secretRef specifies the name of the secret + that contains the credential. More info: https://docs.confluent.io/operator/current/co-authenticate.html#bearer-authentication' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: type specifies the REST API authentication type. + Valid options are `basic`, `bearer`, and `mtls`. + enum: + - basic + - bearer + - mtls + type: string + required: + - type + type: object + endpoint: + description: endpoint specifies where Confluent REST API is running. + minLength: 1 + pattern: ^https?://.* + type: string + kafkaClusterID: + description: kafkaClusterID specifies the id of Kafka cluster. + It takes precedence over using the Kafka REST API to get the + cluster id. + minLength: 1 + type: string + tls: + description: tls specifies the custom TLS structure for the application + resources, e.g. connector, topic, schema, of the Confluent Platform + components. + properties: + directoryPathInContainer: + description: directoryPathInContainer contains the directory + path in the container where `keystore.jks`, `truststore.jks`, + `jksPassword.txt` keys are mounted. + minLength: 1 + type: string + jksPassword: + description: jksPassword specifies the secret name that contains + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef specifies the secret name that contains + the certificates. More info about certificates key/value + format: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: object + required: + - data + type: object + status: + description: status defines the observed state of the Schema. + properties: + conditions: + description: conditions are the latest available observed state of + the schema. + items: + description: Condition represent the latest available observations + of the current state. + properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + deletedVersions: + description: deletedVersions are the successfully hard deleted versions + for the subject. + items: + format: int32 + type: integer + type: array + format: + description: format is the format of the latest schema for the subject. 
+ type: string + id: + description: id is the id of the latest schema for the subject. + format: int32 + type: integer + schemaReferences: + description: schemaReferences are the schema references for the subject. + items: + description: SchemaReference is the schema to be used as a reference + for the new schema. + properties: + avro: + description: avro is the data for the referenced Avro schema. + properties: + avro: + description: name is the fully qualified name of the referenced + Avro schema. + minLength: 1 + type: string + required: + - avro + type: object + format: + description: format is the format type of the referenced schema. + Valid options are `avro`, `json`, and `protobuf`. + enum: + - avro + - json + - protobuf + minLength: 1 + type: string + json: + description: json is the data for the referenced JSON schema. + properties: + url: + description: url is the referenced JSON schema url. + minLength: 1 + type: string + required: + - url + type: object + protobuf: + description: protobuf is the data for the referenced Protobuf + schema. + properties: + file: + description: file is the file name of the referenced Protobuf + schema. + minLength: 1 + type: string + required: + - file + type: object + subject: + description: subject is the subject name for the referenced + schema through the configRef. + minLength: 1 + type: string + version: + description: version is the version type of the referenced schema. + format: int32 + type: integer + required: + - format + - subject + - version + type: object + type: array + schemaRegistryAuthenticationType: + description: schemaRegistryAuthenticationType is the authentication + method used. + type: string + schemaRegistryEndpoint: + description: schemaRegistryEndpoint is the Schema Registry REST endpoint. + type: string + schemaRegistryTLS: + description: schemaRegistryTLS shows whether the Schema Registry is + using TLS. 
+ type: boolean + softDeletedVersions: + description: softDeletedVersions are the successfully soft deleted + versions for the subject. + items: + format: int32 + type: integer + type: array + state: + description: state is the state of the Schema CR. + type: string + subject: + description: subject is the subject of the schema. + type: string + version: + description: version is the version of the latest schema for the subject. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/crds/platform.confluent.io_zookeepers.yaml b/base/cfk-base/2.3.0/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..8c3b032 --- /dev/null +++ b/base/cfk-base/2.3.0/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,3827 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.replicas + name: Replicas + type: string + - jsonPath: .status.readyReplicas + name: Ready + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Zookeeper is the schema for the Zookeeper API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the desired state of the Zookeeper cluster. + properties: + authentication: + description: authentication specifies the authentication configuration. 
+ properties: + jaasConfig: + description: 'jaasConfig specifies the JaaS configuration. More + info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + secretRef: + description: 'secretRef references the secret containing the + required credentials. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: 'jaasConfigPassThrough specifies another way to provide + JaaS configuration. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where required credentials are mounted. + More info: https://docs.confluent.io/operator/current/co-authenticate.html' + minLength: 1 + type: string + secretRef: + description: 'secretRef references the secret containing the + required credentials for authentication. More info: https://docs.confluent.io/operator/current/co-authenticate.html' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: type specifies the Kafka or Zookeeper authentication + type. Valid options are `plain`, `digest`, `mtls`, and `ldap`. + enum: + - plain + - digest + - mtls + - ldap + type: string + required: + - type + type: object + configOverrides: + description: configOverrides specifies configs to override the server/JVM/log4j/peer + properties for the Zookeeper cluster. A change to this property + will roll the cluster. + properties: + jvm: + description: jvm is a list of JVM configuration supported by the + Confluent Platform component. This will either add or update + the existing configuration. 
+ items: + type: string + type: array + log4j: + description: log4j is a list of Log4J configuration supported + by the Confluent Platform component. This will either add or + update the existing configuration. + items: + type: string + type: array + peers: + description: peers specify a list of dynamic peer configurations + for the Zookeeper cluster. This is only required when deploying + stretch Zookeeper for MRC deployments and should include all + the Zookeeper peers in other DCs that form the ensemble. This + will either add or update the existing configuration. + items: + type: string + type: array + server: + description: server is a list of server configuration supported + by the Confluent Platform component. This will either add or + update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: dataVolumeCapacity specifies the data volume size. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + headlessService: + description: headlessService specifies the configuration of the Kubernetes + headless service. + properties: + annotations: + additionalProperties: + type: string + description: annotations is a map of string key and value pairs. + It specifies the annotations to be added to the CFK-created + headless service. These annotations are merged with the injectAnnotations + and take precedence. + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: labels is a map of string key and value pairs. It + specifies the labels to be added to the CFK-created headless + service. These labels are merged with the injectLabels and take + precedence. 
+ type: object + x-kubernetes-map-type: granular + publishNotReadyAddresses: + description: publishNotReadyAddresses specifies the publishNotReadyAddresses + field. For Kafka, this value must be true. The default value + is true. + type: boolean + type: object + image: + description: image specifies the application and the init docker image + configurations. A change to this setting will roll the cluster. + properties: + application: + description: application is the Docker image name of the application. + Specify `//:`. + pattern: .+:.+ + type: string + init: + description: init is the init-container name. Specify `//:`. + pattern: .+:.+ + type: string + pullPolicy: + description: pullPolicy is the policy for pulling images. Valid + options are `Always`, `Never`, and `IfNotPresent`. The default + value is `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + pullSecretRef: + description: 'pullSecretRef references the secrets in the same + namespace to be used for pulling images. Image pull secrets + are distinct from secrets because secrets can be mounted in + the pod, but image pull secrets are only accessed by `kubelet`. + More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: injectAnnotations are the annotations injected to the + internal resources that CFK created. The internal annotations are + preserved and cannot be overridden. For pod annotations, use `podTemplate.annotations`. + type: object + x-kubernetes-map-type: granular + injectLabels: + additionalProperties: + type: string + description: injectLabels are the labels injected to the internal + resources that CFK created. The internal labels are preserved and + cannot be overridden. For pod labels, use `podTemplate.labels`. 
+ type: object + x-kubernetes-map-type: granular + k8sClusterDomain: + description: k8sClusterDomain specifies the configuration of the Kubernetes + cluster domain. The default is the `cluster.local` domain. + type: string + license: + description: license specifies the license configuration for the Confluent + Platform component. + properties: + directoryPathInContainer: + description: 'directoryPathInContainer specifies the directory + path in the container where the license key is mounted. More + info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + minLength: 1 + type: string + globalLicense: + description: globalLicense specifies whether the Confluent Platform + component shares the CFK license. + type: boolean + secretRef: + description: 'secretRef references the secret that provides the + license for the Confluent Platform component. More info: https://docs.confluent.io/operator/current/co-license.html#update-component-level-licenses' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: logVolumeCapacity specifies the log volume size. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: metrics specify the security settings for the metric + services. + properties: + authentication: + description: authentication specifies the authentication configuration + for the metrics. + properties: + type: + description: type specifies the metrics authentication method. + The valid option is `mtls`. + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: prometheus specifies the configuration overrides + for the JMX-Prometheus exporter. 
+ properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Rule defines the Prometheus Exporter rule override. + properties: + attrNameSnakeCase: + type: boolean + cache: + type: boolean + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + anyOf: + - type: integer + - type: string + default: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: tls specifies the TLS configuration for the metrics. + properties: + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` + is not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. + minLength: 1 + type: string + enabled: + description: enabled specifies to enable the TLS configuration + for the Confluent component. + type: boolean + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing + the JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. 
More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the + certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: 'mountedSecrets list the secrets injected to the underlying + statefulset configuration. The secret reference is mounted in the + default path `/mnt/secrets/`. The underlying resources + will follow the secret as a file configuration. More info: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod. + A change to this setting will roll the cluster.' + items: + description: MountedSecrets provides a way to inject a custom secret + to the underlying statefulset. + properties: + keyItems: + description: keyItems are key and path names. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions + on this file. Must be an octal value between 0000 and + 0777 or a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. 
May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: secretRef references the name of the secret. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + mountedVolumes: + description: mountedVolumes list the custom volumes that need to be + mounted into the underlying statefulset. A change to this setting + will roll the cluster. + properties: + volumeMounts: + description: volumeMounts specify the list of volume mounts for + the pods in the statefulset. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: volumes specify the list of volumes that can be mounted + into the pods of statefulset. 
+ items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' 
+ type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob + disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of + Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the ConfigMap, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all secret + references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for + the volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. 
This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is also applicable + for memory medium. 
The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all + containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "Ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n + Use this if: a) the volume is only needed while the pod + runs, b) features of normal volumes like restoring from + snapshot or capacity tracking are needed, c) the storage + driver is specified through a storage class, and d) the + storage driver supports dynamic volume provisioning through + \ a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n + Use CSI for light-weight local ephemeral volumes if the + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the + PVC will be deleted together with the pod. The name + of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` + array entry. 
Pod validation will reject the pod if + the concatenated name is not valid for a PVC (for + example, too long). \n An existing PVC with that name + that is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated + PVC is removed. If such a pre-created PVC is meant + to be used by the pod, the PVC has to updated with + an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may + be useful when manually reconstructing a broken cluster. + \n This field is read-only and no changes will be + made by Kubernetes to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be rejected + during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The + same fields as in a PersistentVolumeClaim are + also valid here. + properties: + accessModes: + description: 'AccessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify + either: * An existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) * + An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always + have the same contents as the DataSourceRef + field.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which + to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this + field is specified, volume binding will only + succeed if the type of the specified object + matches some installed volume populator or + dynamic provisioner. This field will replace + the functionality of the DataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value + automatically if one of them is empty and + the other is non-empty. There are two important + differences between DataSource and DataSourceRef: + * While DataSource only allows two specific + types of objects, DataSourceRef allows any + non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. (Alpha) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: VolumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: FC represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. 
"ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use + for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the + plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. + Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. 
This is generally used for system agents + or other privileged things that are allowed to see the + host machine. Most containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'Path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will + be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI + transport. 
Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is + either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits used to set permissions on created + files by default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the + path are not affected by this setting. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. 
If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed keys + will be projected into the specified paths, + and unlisted keys will not be present. If + a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used + to set permissions on this file. 
Must + be an octal value between 0000 and + 0777 or a decimal value between 0 + and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be + an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if + the token is older than 80 percent of its + time to live or if the token is older than + 24 hours.Defaults to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you + want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in + the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if + unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within + StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if + unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - volumeMounts + - volumes + type: object + oneReplicaPerNode: + description: oneReplicaPerNode controls whether to run 1 pod per node + using the pod anti-affinity capability. Enabling this configuration + in an existing cluster will roll the cluster. + type: boolean + podTemplate: + description: podTemplate specifies the statefulset pod template configuration. + properties: + affinity: + description: 'affinity specifies a group of affinity scheduling + rules. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'annotations is a map of string key and value pairs + stored with the resource and may be set by external tools to + store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations.' + type: object + x-kubernetes-map-type: granular + envVars: + description: 'envVars contain environment variables to be injected + into containers. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container.' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'labels is a map of string key and value pairs that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels.' + type: object + x-kubernetes-map-type: granular + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present + in container.securityContext. Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. 
The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." 
+ type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + Note that this field cannot be set when spec.os.name is + windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + priorityClassName: + description: priorityClassName specifies the priority class for + the pod (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: probe contains the fields for standard Kubernetes + readiness/liveness probe configuration. + properties: + liveness: + description: liveness configures the Kubernetes probe settings. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. 
+ format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. + format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + readiness: + description: readiness configures the Kubernetes probe setting. + The changes will override the existing default configuration. + properties: + failureThreshold: + description: failureThreshold is the minimum consecutive + failures for the probe to be considered failed. Confluent + Platform components come with the right configuration, + and this setting is not required to change most of the + time. + format: int32 + type: integer + initialDelaySeconds: + description: initialDelaySeconds is the number of seconds + after the container has started and before probes are + initiated. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + periodSeconds: + description: periodSeconds specifies how often to perform + the probe. Confluent Platform components come with the + right configuration, and this setting is not required + to change most of the time. + format: int32 + type: integer + successThreshold: + description: successThreshold is the minimum consecutive + successes for the probe to be considered successful + after having failed. The default values is `1`. Must + be `1` for liveness and startup. The minimum value is + `1`. 
+ format: int32 + type: integer + timeoutSeconds: + description: timeoutSeconds is the number of seconds after + which the probe times out. Confluent Platform components + come with the right configuration, and this setting + is not required to change most of the time. + format: int32 + type: integer + type: object + type: object + resources: + description: resources describe the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. Some fields are present in both + SecurityContext and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. 
Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components that + enable the WindowsHostProcessContainers feature flag. + Setting this field without the feature flag will result + in errors when validating the Pod. 
All of a Pod's containers + must have the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the service account + used to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account.' + type: string + terminationGracePeriodSeconds: + description: terminationGracePeriodSeconds is the grace period + before the pod is deleted. + format: int64 + type: integer + tolerations: + description: tolerations specify the pods to schedule onto the + nodes with matching taints, using the triple `` + and the matching operator ``. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: topologySpreadConstraints describe how a group of + pods ought to spread across topology domains. Scheduler will + schedule pods based on the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. 
- ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and + only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | + zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + replicas: + description: replicas is the desired number of replicas. A change + to this setting will roll the cluster. + format: int32 + type: integer + storageClass: + description: storageClass specifies the user-provided storage class. + If not configured, the default storage class is used. + properties: + name: + description: name is the storage class name. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: tls specifies the TLS configuration. + properties: + autoGeneratedCerts: + description: autoGeneratedCerts specifies that the certificates + are auto-generated based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: directoryPathInContainer specifies the directory + path in the container where `keystore.jks`, `truststore.jks`, + and `jksPassword.txt` keys are mounted. `truststore.jks` is + not configured and can be ignored when the `ignoreTrustStoreConfig` + field is set to `true`. 
+ minLength: 1 + type: string + ignoreTrustStoreConfig: + description: ignoreTrustStoreConfig indicates whether to ignore + the truststore configuration for the Confluent component. + type: boolean + jksPassword: + description: jksPassword references the secret containing the + JKS password. + properties: + secretRef: + description: 'secretRef references the name of the secret + containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: 'secretRef references the secret containing the certificates. + More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates' + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: status defines the observed state of the Zookeeper cluster. + properties: + authenticationType: + description: authenticationType is the authentication method for the + Zookeeper cluster. + type: string + authorizationType: + description: authorizationType is the authorization type for this + Confluent component. + type: string + clusterName: + description: clusterName is the name of the Confluent Platform component + cluster. + type: string + clusterNamespace: + description: clusterNamespace is the namespace where the Confluent + Platform component cluster is running. + type: string + conditions: + description: conditions specify the latest available observations + of the current state. + items: + description: Condition represent the latest available observations + of the current state. 
+ properties: + lastProbeTime: + description: lastProbeTime shows the last time the condition + was evaluated. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime shows the last time the condition + was transitioned from one status to another. + format: date-time + type: string + message: + description: message shows a human-readable message with details + about the transition. + type: string + reason: + description: reason shows the reason for the last transition + of the condition. + type: string + status: + description: status shows the status of the condition, one of + `True`, `False`, or `Unknown`. + type: string + type: + description: type shows the condition type. + type: string + type: object + type: array + currentReplicas: + description: currentReplicas is the number of currently running replicas. + format: int32 + type: integer + endpoint: + description: endpoint is the Zookeeper cluster endpoint. + type: string + internalSecrets: + description: internalSecrets are internal secrets created by CFK for + this Confluent component. + items: + type: string + type: array + internalTopicNames: + description: internalTopicNames are the topics used by the component + for internal use. + items: + type: string + type: array + myIdOffset: + description: myIdOffset shows the MyId offset configuration. + format: int32 + type: integer + operatorVersion: + description: operatorVersion is the internal version of CFK. + type: string + phase: + description: phase describes the state of the Confluent Platform component. + type: string + readyReplicas: + description: readyReplicas is the number of currently ready replicas. + format: int32 + type: integer + replicas: + description: replicas is the number of replicas. + format: int32 + type: integer + selector: + description: selector gets the label selector of the child pod. The + Horizontal Pod Autoscaler(HPA) will scale using the label selector + of the child pod. 
+ type: string + tls: + description: tls shows whether TLS is configured for the Zookeeper + cluster. + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/base/cfk-base/2.3.0/templates/clusterrole.yaml b/base/cfk-base/2.3.0/templates/clusterrole.yaml new file mode 100644 index 0000000..72dae0f --- /dev/null +++ b/base/cfk-base/2.3.0/templates/clusterrole.yaml 
@@ -0,0 +1,125 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + name: confluent-operator +rules: +- apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' +- apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' +- apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + 
resources: + - namespaces + verbs: + - get + - list diff --git a/base/cfk-base/2.3.0/templates/clusterrolebinding.yaml b/base/cfk-base/2.3.0/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..6e6b99e --- /dev/null +++ b/base/cfk-base/2.3.0/templates/clusterrolebinding.yaml @@ -0,0 +1,22 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + name: confluent-operator +subjects: +- kind: ServiceAccount + name: confluent-for-kubernetes + namespace: default +roleRef: + kind: ClusterRole + name: confluent-operator + apiGroup: rbac.authorization.k8s.io +# Webhook configurations are cluster scoped diff --git a/base/cfk-base/2.3.0/templates/deployment.yaml b/base/cfk-base/2.3.0/templates/deployment.yaml new file mode 100644 index 0000000..ca705e9 --- /dev/null +++ b/base/cfk-base/2.3.0/templates/deployment.yaml 
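Review bot: The core-group rule in clusterrole.yaml grants get/list/watch/create/update/patch/delete on `secrets`, `pods`, `configmaps` and `services`, and as a ClusterRole bound cluster-wide it applies in every namespace, system namespaces included. Together with `resources: ['*']` and `verbs: ['*']` on `platform.confluent.io`, the operator's service-account token amounts to read/write access to every Secret in the cluster. The file is rendered from the upstream chart, so any narrowing belongs in how it is rendered or in a kustomize patch rather than in a hand edit here. If the multi-tenant experiments only need a known set of namespaces, a Role and RoleBinding per tenant namespace would give the same function with a much smaller blast radius. At minimum I would add a comment above that rule, e.g. `# cluster-wide Secret read/write: sandbox clusters only`.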
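Review bot: The binding's subject in clusterrolebinding.yaml is hard-coded to `namespace: default`, so the cluster-wide role is attached to a service account in the namespace where ad-hoc workloads most often land. Any principal allowed to create pods in `default` can run a pod as `confluent-for-kubernetes` and inherit the ClusterRole. deployment.yaml, licensing.yaml, service.yaml and serviceaccount.yaml carry the same `namespace: default`. I would place the operator in a dedicated namespace and, if an overlay already moves it, confirm that the subject namespace here is rewritten together with the ServiceAccount; a binding left pointing at `default` would grant the role to whoever creates that account name there. A comment next to the subject, `# must match the namespace of serviceaccount.yaml`, would make the dependency visible.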
@@ -0,0 +1,82 @@ +--- +# Source: confluent-for-kubernetes/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + version: 0.435.11 + name: confluent-operator + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + prometheus.io/path: "/metrics" + prometheus.io/port: "7778" + prometheus.io/scrape: "true" + labels: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: release-name + confluent-platform: "true" + version: 0.435.11 + spec: + securityContext: + fsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + containers: + - args: + - --debug=false + name: confluent-operator + image: docker.io/confluentinc/confluent-operator:0.435.11 + imagePullPolicy: IfNotPresent + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + readinessProbe: + httpGet: + port: 8080 + path: /readyz + livenessProbe: + httpGet: + port: 8080 + path: /healthz + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + serviceAccountName: confluent-for-kubernetes + restartPolicy: Always + terminationGracePeriodSeconds: 30 
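Review bot: The `confluent-operator` container in deployment.yaml has no container-level `securityContext`; only the pod-level `runAsNonRoot`, `runAsUser` and `fsGroup` are set. Because this pod runs with a service account that can read and write Secrets cluster-wide, I would add the usual restrictions (no privilege escalation, all capabilities dropped, runtime-default seccomp) through a kustomize patch, since the file is rendered from the chart, and confirm the operator still starts with them. The image is also referenced by tag only with `imagePullPolicy: IfNotPresent`; pinning it as `docker.io/confluentinc/confluent-operator:0.435.11@sha256:<digest>` (placeholder digest) would make the deployed binary reproducible.

```yaml
        name: confluent-operator
        # … unchanged: image, probes, resources, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```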
diff --git a/base/cfk-base/2.3.0/templates/kustomization.yaml b/base/cfk-base/2.3.0/templates/kustomization.yaml new file mode 100644 index 0000000..e9867e7 --- /dev/null +++ b/base/cfk-base/2.3.0/templates/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - licensing.yaml + - clusterrole.yaml + - clusterrolebinding.yaml + - deployment.yaml + - service.yaml + - serviceaccount.yaml diff --git a/base/cfk-base/2.3.0/templates/licensing.yaml b/base/cfk-base/2.3.0/templates/licensing.yaml new file mode 100644 index 0000000..18b9c9a --- /dev/null +++ b/base/cfk-base/2.3.0/templates/licensing.yaml @@ -0,0 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/licensing.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + namespace: default + name: confluent-operator-licensing +type: Opaque +data: diff --git a/base/cfk-base/2.3.0/templates/service.yaml b/base/cfk-base/2.3.0/templates/service.yaml new file mode 100644 index 0000000..a81660a --- /dev/null +++ b/base/cfk-base/2.3.0/templates/service.yaml @@ -0,0 +1,24 @@ +--- +# Source: confluent-for-kubernetes/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + name: confluent-operator + namespace: default +spec: + ports: + - name: http-metric + port: 7778 + protocol: TCP + targetPort: 7778 + selector: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + type: ClusterIP 
diff --git a/base/cfk-base/2.3.0/templates/serviceaccount.yaml b/base/cfk-base/2.3.0/templates/serviceaccount.yaml new file mode 100644 index 0000000..b77a9a3 --- /dev/null +++ b/base/cfk-base/2.3.0/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/serviceaccount.yaml +apiVersion: v1 +imagePullSecrets: +- name: confluent-registry +kind: ServiceAccount +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.435.11 + name: confluent-for-kubernetes + namespace: default diff --git a/base/cfk-base/latest b/base/cfk-base/latest new file mode 120000 index 0000000..07b1fc6 --- /dev/null +++ b/base/cfk-base/latest @@ -0,0 +1 @@ +./2.3.0 \ No newline at end of file diff --git a/base/cfk-components/confluent-no-auth-no-tls/connect/kafka-connect.yaml b/base/cfk-components/confluent-no-auth-no-tls/connect/kafka-connect.yaml new file mode 100644 index 0000000..2a4e444 --- /dev/null +++ b/base/cfk-components/confluent-no-auth-no-tls/connect/kafka-connect.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + replicas: 1 + image: + application: confluentinc/cp-server-connect:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 \ No newline at end of file diff --git a/base/cfk-components/confluent-no-auth/connect/kustomization.yaml b/base/cfk-components/confluent-no-auth-no-tls/connect/kustomization.yaml similarity index 100% rename from base/cfk-components/confluent-no-auth/connect/kustomization.yaml rename to base/cfk-components/confluent-no-auth-no-tls/connect/kustomization.yaml 
diff --git a/base/cfk-components/confluent-no-auth-no-tls/control-centre.yaml b/base/cfk-components/confluent-no-auth-no-tls/control-centre.yaml
new file mode 100644
index 0000000..05606ce
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/control-centre.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ControlCenter
+metadata:
+ name: controlcenter
+spec:
+ replicas: 1
+ image:
+ application: confluentinc/cp-enterprise-control-center:7.1.0
+ init: confluentinc/confluent-init-container:2.2.0-1
+ dataVolumeCapacity: 10Gi
+ dependencies:
+ connect:
+ - name: connect
+ url: http://connect:8083
+ ksqldb:
+ - name: ksqldb
+ url: http://ksqldb:8088
+ schemaRegistry:
+ url: http://schemaregistry:8081
+
diff --git a/base/cfk-components/confluent-no-auth-no-tls/kafka.yaml b/base/cfk-components/confluent-no-auth-no-tls/kafka.yaml
new file mode 100644
index 0000000..4e7051d
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/kafka.yaml
@@ -0,0 +1,13 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+ name: kafka
+spec:
+ replicas: 3
+ image:
+ application: confluentinc/cp-server:7.1.0
+ init: confluentinc/confluent-init-container:2.3.0
+ dataVolumeCapacity: 10Gi
+ metricReporter:
+ enabled: true
+
diff --git a/base/cfk-components/confluent-no-auth-no-tls/ksqldb/ksqldb.yaml b/base/cfk-components/confluent-no-auth-no-tls/ksqldb/ksqldb.yaml
new file mode 100644
index 0000000..78ff0ce
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/ksqldb/ksqldb.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: KsqlDB
+metadata:
+ name: ksqldb
+spec:
+ replicas: 1
+ image:
+ application: confluentinc/cp-ksqldb-server:7.1.0
+ init: confluentinc/confluent-init-container:2.3.0
+ dataVolumeCapacity: 10Gi
\ No newline at end of file
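Review bot: The `init` image in control-centre.yaml is pinned to `confluentinc/confluent-init-container:2.2.0-1`, while kafka.yaml and ksqldb.yaml in this same base use `2.3.0`, the version the new operator directory is named after. Unless Control Center needs the older init container, align it with `init: confluentinc/confluent-init-container:2.3.0`. A mixed init-container version leaves one component without whatever fixes the newer image carries and makes later upgrades harder to audit. This base also wires Control Center to Connect, ksqlDB and Schema Registry over plain `http://` with no authentication, so a header comment such as `# no TLS, no auth: local sandbox only, never expose outside the cluster` would make that intent explicit.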
diff --git a/base/cfk-components/confluent-no-auth/ksqldb/kustomization.yaml b/base/cfk-components/confluent-no-auth-no-tls/ksqldb/kustomization.yaml
similarity index 100%
rename from base/cfk-components/confluent-no-auth/ksqldb/kustomization.yaml
rename to base/cfk-components/confluent-no-auth-no-tls/ksqldb/kustomization.yaml
diff --git a/base/cfk-components/confluent-no-auth-no-tls/kustomization.yaml b/base/cfk-components/confluent-no-auth-no-tls/kustomization.yaml
new file mode 100644
index 0000000..ef22c91
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - zookeeper.yaml
+ - kafka.yaml
+ - control-centre.yaml
+# - rest-class.yaml
\ No newline at end of file
diff --git a/base/cfk-components/confluent-no-auth/schmea-registry/kustomization.yaml b/base/cfk-components/confluent-no-auth-no-tls/schmea-registry/kustomization.yaml
similarity index 100%
rename from base/cfk-components/confluent-no-auth/schmea-registry/kustomization.yaml
rename to base/cfk-components/confluent-no-auth-no-tls/schmea-registry/kustomization.yaml
diff --git a/base/cfk-components/confluent-no-auth-no-tls/schmea-registry/schema-registry.yaml b/base/cfk-components/confluent-no-auth-no-tls/schmea-registry/schema-registry.yaml
new file mode 100644
index 0000000..fb74387
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/schmea-registry/schema-registry.yaml
@@ -0,0 +1,9 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: SchemaRegistry
+metadata:
+ name: schemaregistry
+spec:
+ replicas: 1
+ image:
+ application: confluentinc/cp-schema-registry:7.1.0
+ init: confluentinc/confluent-init-container:2.3.0
diff --git a/base/cfk-components/confluent-no-auth-no-tls/zookeeper.yaml b/base/cfk-components/confluent-no-auth-no-tls/zookeeper.yaml
new file mode 100644
index 0000000..b5b4ff2
--- /dev/null
+++ b/base/cfk-components/confluent-no-auth-no-tls/zookeeper.yaml
@@ -0,0 +1,11 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + replicas: 3 + image: + application: confluentinc/cp-zookeeper:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 + dataVolumeCapacity: 10Gi + logVolumeCapacity: 10Gi diff --git a/base/cfk-components/confluent-no-auth/connect/kafka-connect.yaml b/base/cfk-components/confluent-no-auth-tls/connect/kafka-connect.yaml similarity index 69% rename from base/cfk-components/confluent-no-auth/connect/kafka-connect.yaml rename to base/cfk-components/confluent-no-auth-tls/connect/kafka-connect.yaml index f233c1b..e794a68 100644 --- a/base/cfk-components/confluent-no-auth/connect/kafka-connect.yaml +++ b/base/cfk-components/confluent-no-auth-tls/connect/kafka-connect.yaml @@ -6,8 +6,8 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-server-connect:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-server-connect:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 tls: autoGeneratedCerts: true dependencies: diff --git a/base/cfk-components/confluent-no-auth-tls/connect/kustomization.yaml b/base/cfk-components/confluent-no-auth-tls/connect/kustomization.yaml new file mode 100644 index 0000000..4d14434 --- /dev/null +++ b/base/cfk-components/confluent-no-auth-tls/connect/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - kafka-connect.yaml + diff --git a/base/cfk-components/confluent-no-auth/control-centre.yaml b/base/cfk-components/confluent-no-auth-tls/control-centre.yaml similarity index 85% rename from base/cfk-components/confluent-no-auth/control-centre.yaml rename to base/cfk-components/confluent-no-auth-tls/control-centre.yaml index 277940d..a504209 100644 --- a/base/cfk-components/confluent-no-auth/control-centre.yaml +++ b/base/cfk-components/confluent-no-auth-tls/control-centre.yaml 
@@ -12,8 +12,8 @@ spec: failureThreshold: 5 timeoutSeconds: 500 image: - application: confluentinc/cp-enterprise-control-center:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-enterprise-control-center:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true diff --git a/base/cfk-components/confluent-no-auth-tls/kafka.yaml b/base/cfk-components/confluent-no-auth-tls/kafka.yaml new file mode 100644 index 0000000..56045cb --- /dev/null +++ b/base/cfk-components/confluent-no-auth-tls/kafka.yaml @@ -0,0 +1,27 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + replicas: 3 + image: + application: confluentinc/cp-server:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 + dataVolumeCapacity: 10Gi + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry:8081 + tls: + autoGeneratedCerts: true + listeners: + internal: + tls: + enabled: true + external: + tls: + enabled: true + dependencies: + zookeeper: + endpoint: zookeeper:2182 + tls: + enabled: true diff --git a/base/cfk-components/confluent-no-auth/ksqldb/ksqldb.yaml b/base/cfk-components/confluent-no-auth-tls/ksqldb/ksqldb.yaml similarity index 71% rename from base/cfk-components/confluent-no-auth/ksqldb/ksqldb.yaml rename to base/cfk-components/confluent-no-auth-tls/ksqldb/ksqldb.yaml index d016f12..7af4dc6 100644 --- a/base/cfk-components/confluent-no-auth/ksqldb/ksqldb.yaml +++ b/base/cfk-components/confluent-no-auth-tls/ksqldb/ksqldb.yaml @@ -6,8 +6,8 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-ksqldb-server:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-ksqldb-server:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true 
diff --git a/base/crds/kustomization.yaml b/base/cfk-components/confluent-no-auth-tls/ksqldb/kustomization.yaml similarity index 81% rename from base/crds/kustomization.yaml rename to base/cfk-components/confluent-no-auth-tls/ksqldb/kustomization.yaml index fca89bc..cbf0ee2 100644 --- a/base/crds/kustomization.yaml +++ b/base/cfk-components/confluent-no-auth-tls/ksqldb/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - crds + - ksqldb.yaml + diff --git a/base/cfk-components/confluent-no-auth/kustomization.yaml b/base/cfk-components/confluent-no-auth-tls/kustomization.yaml similarity index 100% rename from base/cfk-components/confluent-no-auth/kustomization.yaml rename to base/cfk-components/confluent-no-auth-tls/kustomization.yaml diff --git a/base/cfk-components/confluent-no-auth-tls/schmea-registry/kustomization.yaml b/base/cfk-components/confluent-no-auth-tls/schmea-registry/kustomization.yaml new file mode 100644 index 0000000..3d46e31 --- /dev/null +++ b/base/cfk-components/confluent-no-auth-tls/schmea-registry/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - schema-registry.yaml + diff --git a/base/cfk-components/confluent-no-auth-tls/schmea-registry/schema-registry.yaml b/base/cfk-components/confluent-no-auth-tls/schmea-registry/schema-registry.yaml new file mode 100644 index 0000000..068f861 --- /dev/null +++ b/base/cfk-components/confluent-no-auth-tls/schmea-registry/schema-registry.yaml @@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + replicas: 1 + image: + application: confluentinc/cp-schema-registry:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka:9071 + tls: + enabled: true 
diff --git a/base/cfk-components/confluent-no-auth/secrets/ca-pair-sslcerts.yaml b/base/cfk-components/confluent-no-auth-tls/secrets/ca-pair-sslcerts.yaml similarity index 100% rename from base/cfk-components/confluent-no-auth/secrets/ca-pair-sslcerts.yaml rename to base/cfk-components/confluent-no-auth-tls/secrets/ca-pair-sslcerts.yaml diff --git a/base/cfk-components/confluent-no-auth/secrets/kustomization.yaml b/base/cfk-components/confluent-no-auth-tls/secrets/kustomization.yaml similarity index 100% rename from base/cfk-components/confluent-no-auth/secrets/kustomization.yaml rename to base/cfk-components/confluent-no-auth-tls/secrets/kustomization.yaml diff --git a/base/cfk-components/confluent-no-auth/secrets/mds-public.yaml b/base/cfk-components/confluent-no-auth-tls/secrets/mds-public.yaml similarity index 100% rename from base/cfk-components/confluent-no-auth/secrets/mds-public.yaml rename to base/cfk-components/confluent-no-auth-tls/secrets/mds-public.yaml diff --git a/base/cfk-components/confluent-no-auth-tls/zookeeper.yaml b/base/cfk-components/confluent-no-auth-tls/zookeeper.yaml new file mode 100644 index 0000000..794a557 --- /dev/null +++ b/base/cfk-components/confluent-no-auth-tls/zookeeper.yaml @@ -0,0 +1,13 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + replicas: 3 + image: + application: confluentinc/cp-zookeeper:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 + dataVolumeCapacity: 10Gi + logVolumeCapacity: 10Gi + tls: + autoGeneratedCerts: true \ No newline at end of file diff --git a/base/cfk-components/confluent-rbac/connect/kafka-connect.yaml b/base/cfk-components/confluent-rbac/connect/kafka-connect.yaml index 5a5b582..1733369 100644 --- a/base/cfk-components/confluent-rbac/connect/kafka-connect.yaml +++ b/base/cfk-components/confluent-rbac/connect/kafka-connect.yaml 
@@ -5,8 +5,8 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-server-connect:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-server-connect:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 tls: autoGeneratedCerts: true authorization: diff --git a/base/cfk-components/confluent-rbac/control-centre.yaml b/base/cfk-components/confluent-rbac/control-centre.yaml index 78dfbfd..c05a460 100644 --- a/base/cfk-components/confluent-rbac/control-centre.yaml +++ b/base/cfk-components/confluent-rbac/control-centre.yaml @@ -11,8 +11,8 @@ spec: failureThreshold: 5 timeoutSeconds: 500 image: - application: confluentinc/cp-enterprise-control-center:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-enterprise-control-center:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true diff --git a/base/cfk-components/confluent-rbac/kafka.yaml b/base/cfk-components/confluent-rbac/kafka.yaml index dc7e563..b6ca5d5 100644 --- a/base/cfk-components/confluent-rbac/kafka.yaml +++ b/base/cfk-components/confluent-rbac/kafka.yaml @@ -5,8 +5,8 @@ metadata: spec: replicas: 3 image: - application: confluentinc/cp-server:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-server:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true @@ -18,8 +18,6 @@ spec: - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT -# log4j: -# - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG metricReporter: enabled: true authentication: 
diff --git a/base/cfk-components/confluent-rbac/ksqldb/ksqldb.yaml b/base/cfk-components/confluent-rbac/ksqldb/ksqldb.yaml index 92149d7..7735f32 100644 --- a/base/cfk-components/confluent-rbac/ksqldb/ksqldb.yaml +++ b/base/cfk-components/confluent-rbac/ksqldb/ksqldb.yaml @@ -5,8 +5,8 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-ksqldb-server:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-ksqldb-server:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true diff --git a/base/cfk-components/confluent-rbac/rest-proxy/restproxy.yaml b/base/cfk-components/confluent-rbac/rest-proxy/restproxy.yaml index 52cfe96..0605fac 100644 --- a/base/cfk-components/confluent-rbac/rest-proxy/restproxy.yaml +++ b/base/cfk-components/confluent-rbac/rest-proxy/restproxy.yaml @@ -4,8 +4,8 @@ metadata: name: kafkarestproxy spec: image: - application: confluentinc/cp-kafka-rest:7.0.1 - init: confluentinc/confluent-init-container:2.2.0-1 + application: confluentinc/cp-kafka-rest:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 replicas: 1 tls: autoGeneratedCerts: true diff --git a/base/cfk-components/confluent-rbac/schema-registry/schema-registry.yaml b/base/cfk-components/confluent-rbac/schema-registry/schema-registry.yaml index 61bd1ff..bed2f9a 100644 --- a/base/cfk-components/confluent-rbac/schema-registry/schema-registry.yaml +++ b/base/cfk-components/confluent-rbac/schema-registry/schema-registry.yaml @@ -5,8 +5,8 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-schema-registry:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-schema-registry:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 tls: autoGeneratedCerts: true authorization: diff --git a/base/cfk-components/confluent-rbac/zookeeper.yaml b/base/cfk-components/confluent-rbac/zookeeper.yaml index 1f85856..510e0d7 100644 
--- a/base/cfk-components/confluent-rbac/zookeeper.yaml +++ b/base/cfk-components/confluent-rbac/zookeeper.yaml @@ -5,8 +5,8 @@ metadata: spec: replicas: 3 image: - application: confluentinc/cp-zookeeper:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 + application: confluentinc/cp-zookeeper:7.1.0 + init: confluentinc/confluent-init-container:2.3.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi tls: diff --git a/base/crds/README.md b/base/crds/README.md deleted file mode 100644 index f9441fe..0000000 --- a/base/crds/README.md +++ /dev/null @@ -1,9 +0,0 @@ -### Testing LDAP - - -#### To verify LDAP service is working -`kubectl exec -it -n tools ldap -- bash` - -``` -ldapsearch -LLL -x -H ldap://ldap.tools.svc.cluster.local:389 -b 'dc=test,dc=com' -D "cn=mds,dc=test,dc=com" -w 'Developer!' -``` \ No newline at end of file diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/README.md b/broken/pki-vault--waiting-for-kafka-2.7/README.md similarity index 55% rename from incubator/pki-vault--waiting-for-kafka-2.7/README.md rename to broken/pki-vault--waiting-for-kafka-2.7/README.md index 0a2aa33..40698f6 100644 --- a/incubator/pki-vault--waiting-for-kafka-2.7/README.md +++ b/broken/pki-vault--waiting-for-kafka-2.7/README.md 
@@ -1,16 +1,30 @@ **NOTE!** ## This example is not presently working, as it would seem that [KIP-651](https://cwiki.apache.org/confluence/display/KAFKA/KIP-651+-+Support+PEM+format+for+SSL+certificates+and+private+key) is only available in version 2.7 of Kafka, whereas the latest version of Confluent Kafka at time of writing of is 2.6. -The error when trying to specify PEM files as per documntation is: +## Features + +| Feature | Enabled | Note | +|:----------------|:-------:|:--------------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Vault Certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP (secrets populated by Vault) | +| Vault | ✅ | | + + +The error when trying to specify PEM files as per documentation is: ``` org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store password cannot be specified with PEM format, only key password may be specified ``` -**How to run** -(all commands run from this directory) -* Deploy the neccessary CRDs by running `kubectl apply -k ../../kustomize/crds` +## Provision vault +Before deploying this example through the [usual process](../../GETTING_STARTED.md), we must provision vault: * Run `./vault_cert_generation.sh` script which will - Install Vault via the official hashicorp/vault helm chart - Enable the Vault PKI Secrets & Kubernetes engines 
@@ -19,6 +33,7 @@ org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store pass - Sends intermediate CA CSR to the root CA for signing - Publishes the signed intermedia CA to vault - Creates vault roles/policy which will allow pods to generate certificates (this will be applied to the 'oso-confluent-vault-account' kubernetes service account) -* Deploy the confluent stack `kubectl apply -k .` + + As mentioned, this example is presently not working due to the issue mentioned above, if you however would like to see the certifiates in action, you can exec onto the zookeeper-0 pod, and navigate to `/vault/secrets`, where you will see two files: server.cert & server.key \ No newline at end of file diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/control-centre.yaml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/control-centre.yaml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/confluent/control-centre.yaml rename to broken/pki-vault--waiting-for-kafka-2.7/confluent/control-centre.yaml diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kafka.yaml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/kafka.yaml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/confluent/kafka.yaml rename to broken/pki-vault--waiting-for-kafka-2.7/confluent/kafka.yaml diff --git a/broken/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml new file mode 100644 index 0000000..5959aaf --- /dev/null +++ b/broken/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../../base/cfk-components/confluent-rbac +- service-account-control-center.yml +patchesStrategicMerge: + - zookeeper.yaml + - kafka.yaml + - control-centre.yaml \ No newline at end of file 
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/schema-registry.yaml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/schema-registry.yaml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/confluent/schema-registry.yaml rename to broken/pki-vault--waiting-for-kafka-2.7/confluent/schema-registry.yaml diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/service-account-controlcenter.yml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/service-account-control-center.yml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/confluent/service-account-controlcenter.yml rename to broken/pki-vault--waiting-for-kafka-2.7/confluent/service-account-control-center.yml diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/zookeeper.yaml b/broken/pki-vault--waiting-for-kafka-2.7/confluent/zookeeper.yaml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/confluent/zookeeper.yaml rename to broken/pki-vault--waiting-for-kafka-2.7/confluent/zookeeper.yaml diff --git a/broken/pki-vault--waiting-for-kafka-2.7/kustomization.yaml b/broken/pki-vault--waiting-for-kafka-2.7/kustomization.yaml new file mode 100644 index 0000000..b1380f2 --- /dev/null +++ b/broken/pki-vault--waiting-for-kafka-2.7/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - confluent + + diff --git a/incubator/advanced-logging/namespace.yaml b/broken/pki-vault--waiting-for-kafka-2.7/namespace.yaml similarity index 100% rename from incubator/advanced-logging/namespace.yaml rename to broken/pki-vault--waiting-for-kafka-2.7/namespace.yaml 
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/vault_cert_generation.sh b/broken/pki-vault--waiting-for-kafka-2.7/vault_cert_generation.sh
similarity index 100%
rename from incubator/pki-vault--waiting-for-kafka-2.7/vault_cert_generation.sh
rename to broken/pki-vault--waiting-for-kafka-2.7/vault_cert_generation.sh
diff --git a/broken/replicator/README.md b/broken/replicator/README.md
new file mode 100644
index 0000000..6ccc7df
--- /dev/null
+++ b/broken/replicator/README.md
@@ -0,0 +1,50 @@ +# Replicator + +In this scenario example, you'll deploy two Confluent clusters. One is the source cluster, and one is the destination cluster. You'll deploy Confluent Replicator on the destination cluster, where it will copy topic messages from the source cluster and write to the destination cluster. + + +| Feature | Enabled | Note | +|:-----------------|:-------:|:-----------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ✅ | Connector running replicator | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP | + + + +5. Instantiate the Replicator Connector instance through the REST interface. You do this by using a JSON configuration file. `replicator.json` contains all the task configuration. To deploy the task simply run the following script: +```shell +./create_replication_job.sh +``` + +** NOTE: It may take sometime for the replicator-0 pod to become 'healthy' when running on a local minikube. + +#### Check the status of the Replicator Connector instance +``` +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k +``` + +#### To delete the connector: + +``` +curl -u testadmin:testadmin -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k +``` + +### View in Control Center + +To connect and view the control centre you will beed to port forward from the C3 pod using the command below. Log in using username: `test-admin` password `test-admin` click the replicators tab and you should see the job running. 
+```shell +kubectl port-forward controlcenter-0 9021:9021 --namespace destination +``` + +Open your browser and hit: [https://localhost:9021](https://localhost:9021) +### Validate that it works + +Open Control center, select destination cluster, topic `${topic}_replica` where $topic is the name of the approved topic (whitelist). +You should start seeing messages flowing into the destination topic. + diff --git a/incubator/replicator/create_replication_job.sh b/broken/replicator/create_replication_job.sh similarity index 100% rename from incubator/replicator/create_replication_job.sh rename to broken/replicator/create_replication_job.sh diff --git a/broken/replicator/destination/kustomization.yaml b/broken/replicator/destination/kustomization.yaml new file mode 100644 index 0000000..d98f1f6 --- /dev/null +++ b/broken/replicator/destination/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: destination +resources: +- namespace.yaml +- ../../../base/cfk-components/confluent-rbac +- replicator.yaml +- replicator-rb.yaml +#patchesStrategicMerge: +## - rest-class.yaml diff --git a/incubator/replicator/destination/namespace.yaml b/broken/replicator/destination/namespace.yaml similarity index 100% rename from incubator/replicator/destination/namespace.yaml rename to broken/replicator/destination/namespace.yaml diff --git a/incubator/replicator/destination/replicator-rb.yaml b/broken/replicator/destination/replicator-rb.yaml similarity index 100% rename from incubator/replicator/destination/replicator-rb.yaml rename to broken/replicator/destination/replicator-rb.yaml diff --git a/incubator/replicator/destination/replicator.yaml b/broken/replicator/destination/replicator.yaml similarity index 100% rename from incubator/replicator/destination/replicator.yaml rename to broken/replicator/destination/replicator.yaml 
diff --git a/incubator/multi-tenacy/confluent/schema-registry.yaml b/broken/replicator/destination/schema-registry.yaml similarity index 80% rename from incubator/multi-tenacy/confluent/schema-registry.yaml rename to broken/replicator/destination/schema-registry.yaml index ddb59cf..f643834 100644 --- a/incubator/multi-tenacy/confluent/schema-registry.yaml +++ b/broken/replicator/destination/schema-registry.yaml @@ -9,7 +9,7 @@ spec: secretRef: tls-group1 dependencies: kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + bootstrapEndpoint: kafka:9071 authentication: type: plain jaasConfig: @@ -17,7 +17,7 @@ spec: tls: enabled: true mds: - endpoint: https://kafka.sandbox.svc.cluster.local:8090 + endpoint: https://kafka:8090 tokenKeyPair: secretRef: mds-public authentication: diff --git a/incubator/replicator/kustomization.yaml b/broken/replicator/kustomization.yaml similarity index 89% rename from incubator/replicator/kustomization.yaml rename to broken/replicator/kustomization.yaml index c831074..fdb5e09 100644 --- a/incubator/replicator/kustomization.yaml +++ b/broken/replicator/kustomization.yaml @@ -3,5 +3,4 @@ kind: Kustomization resources: - source - destination - - operator - producer \ No newline at end of file diff --git a/incubator/replicator/producer/kafka-client-config-secure.yaml b/broken/replicator/producer/kafka-client-config-secure.yaml similarity index 100% rename from incubator/replicator/producer/kafka-client-config-secure.yaml rename to broken/replicator/producer/kafka-client-config-secure.yaml diff --git a/incubator/replicator/producer/kafka.properties b/broken/replicator/producer/kafka.properties similarity index 100% rename from incubator/replicator/producer/kafka.properties rename to broken/replicator/producer/kafka.properties 
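Review bot: This `schema-registry.yaml` is moved into `broken/replicator/destination/`, but the `destination/kustomization.yaml` added in this commit lists only `namespace.yaml`, the `confluent-rbac` base, `replicator.yaml` and `replicator-rb.yaml`, and its `patchesStrategicMerge` section is commented out, so the endpoint edits in both hunks look like they never reach the cluster. The context lines also keep `secretRef: tls-group1` from the multi-tenancy example, while the `confluent-rbac` base uses `autoGeneratedCerts: true`; nothing visible here creates `tls-group1` in the `destination` namespace. Either drop the file or wire it in deliberately by listing `- schema-registry.yaml` under `patchesStrategicMerge:` together with a TLS secret that exists there. Since `tls.enabled: true` stays on for both dependencies, it is also worth confirming that the broker certificate covers the short name `kafka` now used in `bootstrapEndpoint` and the MDS `endpoint`.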
diff --git a/incubator/replicator/producer/kustomization.yaml b/broken/replicator/producer/kustomization.yaml similarity index 100% rename from incubator/replicator/producer/kustomization.yaml rename to broken/replicator/producer/kustomization.yaml diff --git a/incubator/replicator/producer/rbac-producer-app.yaml b/broken/replicator/producer/rbac-producer-app.yaml similarity index 100% rename from incubator/replicator/producer/rbac-producer-app.yaml rename to broken/replicator/producer/rbac-producer-app.yaml diff --git a/incubator/replicator/replicator.json b/broken/replicator/replicator.json similarity index 100% rename from incubator/replicator/replicator.json rename to broken/replicator/replicator.json diff --git a/broken/replicator/source/kustomization.yaml b/broken/replicator/source/kustomization.yaml new file mode 100644 index 0000000..cc3e439 --- /dev/null +++ b/broken/replicator/source/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: +- namespace.yaml +- ../../../base/cfk-components/confluent-rbac +- source-topic.yaml +#patchesStrategicMerge: +# - rest-class.yaml +# - zookeeper.yaml +# - kafka.yaml diff --git a/broken/replicator/source/namespace.yaml b/broken/replicator/source/namespace.yaml new file mode 100644 index 0000000..6163026 --- /dev/null +++ b/broken/replicator/source/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: source diff --git a/incubator/replicator/source/source-topic.yaml b/broken/replicator/source/source-topic.yaml similarity index 100% rename from incubator/replicator/source/source-topic.yaml rename to broken/replicator/source/source-topic.yaml diff --git a/incubator/advanced-logging/control-center.yaml b/incubator/advanced-logging/control-center.yaml deleted file mode 100644 index fcb8edb..0000000 --- a/incubator/advanced-logging/control-center.yaml +++ /dev/null 
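Review bot: `source/kustomization.yaml` sets `namespace: sandbox`, while the `source/namespace.yaml` added next to it declares a Namespace named `source`, so the two new files disagree about where the source cluster lives. Depending on how kustomize applies the namespace override, the result is either a renamed Namespace object or an empty `source` namespace beside the workloads, and any RoleBinding or policy written against `source` would then not cover them. The README added in this commit describes a source and a destination cluster, so `namespace: source` in the kustomization looks like the intended value. If `sandbox` is wanted because other files refer to it, change `name:` in `namespace.yaml` instead.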
@@ -1,49 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - configOverrides: - server: - - confluent.controlcenter.internal.topics.replication=1 - - confluent.controlcenter.command.topic.replication=1 - - confluent.monitoring.interceptor.topic.replication=1 - - confluent.metrics.topic.replication=1 - replicas: 1 - podTemplate: - probe: - liveness: - periodSeconds: 10 - failureThreshold: 5 - timeoutSeconds: 500 - image: - application: confluentinc/cp-enterprise-control-center:7.0.1 - init: confluentinc/confluent-init-container:2.2.0 - dataVolumeCapacity: 10Gi - tls: - autoGeneratedCerts: true - authorization: - type: rbac - dependencies: - kafka: - bootstrapEndpoint: kafka:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - endpoint: https://kafka:8090 - tokenKeyPair: - secretRef: credential - authentication: - type: bearer - bearer: - secretRef: credential - tls: - enabled: true - connect: null - ksqldb: null - schemaRegistry: null - diff --git a/incubator/advanced-logging/kafka.yaml b/incubator/advanced-logging/kafka.yaml deleted file mode 100644 index 804c4b4..0000000 --- a/incubator/advanced-logging/kafka.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - replicas: 1 - configOverrides: - server: - - confluent.schema.registry.url=https://schemaregistry:8081 - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT - - confluent.balancer.topic.replication.factor=1 - - confluent.license.topic.replication.factor=1 - - confluent.tier.metadata.replication.factor=1 - - confluent.metadata.topic.replication.factor=1 - - confluent.metrics.reporter.topic.replicas=1 - - confluent.balancer.topic.replication.factor=1 - - confluent.security.event.logger.exporter.kafka.topic.replicas=1 - - default.replication.factor=1 - - event.logger.exporter.kafka.topic.replicas=1 - - offsets.topic.replication.factor=1 -# log4j: -# - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG diff --git a/incubator/advanced-logging/kustomization.yaml b/incubator/advanced-logging/kustomization.yaml deleted file mode 100644 index d912c2a..0000000 --- a/incubator/advanced-logging/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sandbox -resources: - - ../../base/operator - - ../../base/cfk-components/confluent-rbac - - namespace.yaml -patchesStrategicMerge: - - kafka.yaml - - control-center.yaml - - zookeeper.yaml - -# - confluent/rest-class.yaml 
diff --git a/incubator/advanced-logging/log4j.conf b/incubator/advanced-logging/log4j.conf
deleted file mode 100644
index 14aef8d..0000000
--- a/incubator/advanced-logging/log4j.conf
+++ /dev/null
@@ -1,63 +0,0 @@ -###log4j config options -### Metadata service logging -```shell -- log4j.appender.metadataServiceAppender=org.apache.log4j.RollingFileAppender -- log4j.appender.metadataServiceAppender.File=/tmp/meta-data-service.log -- log4j.appender.metadataServiceAppender.layout=org.apache.log4j.PatternLayout -- log4j.appender.metadataServiceAppender.layout.ConversionPattern=[%d] %m %n -- log4j.appender.metadataServiceAppender.Append=true -- log4j.appender.metadataServiceAppender.MaxBackupIndex=10 -- log4j.appender.metadataServiceAppender.MaxFileSize=100MB -``` -### RBAC debug -```shell -- log4j.appender.rbacCRUDAppender=org.apache.log4j.RollingFileAppender -- log4j.appender.metadataServiceAppender.File=/tmp/rbac-access-logs.log -- log4j.appender.metadataServiceAppender.layout=org.apache.log4j.PatternLayout -- log4j.appender.metadataServiceAppender.layout.ConversionPattern=[%d] %m %n -- log4j.category.io.confluent.security.auth.store.kafka.KafkaAuthWriter=DEBUG, rbacCRUDAppender -``` -### Full examples -```shell -kafka.root.logger.level=INFO -log4j.rootLogger=WARN, CONSOLE -log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout -log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %p %m (%c) [%t]%n -log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender -# Change the two lines below to adjust ZK client logging -log4j.logger.org.I0Itec.zkclient.ZkClient=INFO -log4j.logger.org.apache.zookeeper=INFO -# Change the two lines below to adjust the general broker logging level (output to server.log and stdout) -log4j.logger.kafka=INFO -log4j.logger.org.apache.kafka=INFO -# Kafka Loggers -# Change to DEBUG or TRACE to enable request logging -log4j.logger.kafka.request.logger=WARN -log4j.logger.kafka.network.Processor=OFF -log4j.logger.kafka.server.KafkaApis=OFF -log4j.logger.kafka.network.RequestChannel$=WARN -log4j.logger.kafka.controller=TRACE -log4j.logger.kafka.log.LogCleaner=INFO -# Authorizer log4j configuration 
-log4j.appender.authorizerAppender=org.apache.log4j.RollingFileAppender -log4j.appender.authorizerAppender.File=/tmp/kafka-authorizer.log -log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %m %n -log4j.appender.authorizerAppender.Append=true -log4j.appender.authorizerAppender.MaxBackupIndex=10 -log4j.appender.authorizerAppender.MaxFileSize=100MB -# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses -log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender -log4j.additivity.io.confluent.common.security.jetty=false -log4j.additivity.io.confluent.rbacapi=false -log4j.additivity.io.confluent.rest-utils=false -log4j.additivity.io.confluent.security.auth=false -log4j.additivity.io.confluent.security.store=false -log4j.additivity.io.confluent.tokenapi=false -log4j.logger.io.confluent.common.security.jetty=DEBUG, metadataServiceAppender -log4j.logger.io.confluent.rbacapi=DEBUG, metadataServiceAppender -log4j.logger.io.confluent.rest-utils=DEBUG, metadataServiceAppender -log4j.logger.io.confluent.security.auth=DEBUG, metadataServiceAppender -log4j.logger.io.confluent.security.store=DEBUG, metadataServiceAppender -log4j.logger.io.confluent.tokenapi=DEBUG, metadataServiceAppender -``` \ No newline at end of file diff --git a/incubator/advanced-logging/zookeeper.yaml b/incubator/advanced-logging/zookeeper.yaml deleted file mode 100644 index 02c830d..0000000 --- a/incubator/advanced-logging/zookeeper.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 1 diff --git a/incubator/argo-cd/README.md b/incubator/argo-cd/README.md deleted file mode 100644 index c5863ea..0000000 --- a/incubator/argo-cd/README.md +++ /dev/null 
@@ -1,27 +0,0 @@ -kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo - - -## Create a secret which will store our ldap user credentials -kubectl create secret generic sealed-credential --dry-run=client --from-file=ldap.txt=./ldap.txt --from-file=bearer.txt=./bearer.txt --from-file=plain-jaas.conf=./plain-jaas.conf -o yaml > sealed-credential-source.yaml - -## Creat Sealed Secret (this must be created after sealed-secrets has been deployed) -kubeseal --scope cluster-wide ./sealed-credential.yaml --controller-name=sealed-secrets --controller-namespace default - -kubeseal --scope cluster-wide ../environments/base/secrets/sealed-credential.yaml --controller-name=sealed-secrets --controller-namespace default - -kubectl apply -f sealed-credential.yaml -``` -sealedsecret.bitnami.com/sealed-credential created -``` - - - -## Sealed Secrets -Install a local kubeseal CLI - -helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets -helm search repo confluent --versions -helm template sealed-secrets/sealed-secrets --version 2.1.4 --include-crds --output-dir . - - - diff --git a/incubator/argo-cd/argo-apps/sealed-secrets.yaml b/incubator/argo-cd/argo-apps/sealed-secrets.yaml deleted file mode 100644 index ec9df68..0000000 --- a/incubator/argo-cd/argo-apps/sealed-secrets.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: sealed-secrets - namespace: argocd -spec: - project: default - source: - chart: sealed-secrets - repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.1.4 - helm: - releaseName: sealed-secrets - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: true - selfHeal: true \ No newline at end of file diff --git a/incubator/external-mtls/README.md b/incubator/external-mtls/README.md deleted file mode 100644 index 8a90a9f..0000000 
--- a/incubator/external-mtls/README.md +++ /dev/null @@ -1,7 +0,0 @@ -## External mTLS -In this example we will: - -* Generate a CA for certificate signing, which will be used for AutoGenerated certificate between the confluent components -* Use the same CA to generate a client certificate -* Write an ACL rule to allow client to write to topic -* Use client certificate to write to a topic using the stand alone rest proxy (new to CFK 2.2) \ No newline at end of file diff --git a/incubator/julieOps/README.md b/incubator/julieOps/README.md deleted file mode 100644 index c4e18e0..0000000 --- a/incubator/julieOps/README.md +++ /dev/null @@ -1,11 +0,0 @@ -### Running julieOps as a docker image -``` -docker run -t -i \ - -v /home/mccullya/Projects/oso/confluent-kubernetes-playground/incubator/julieOps:/example \ - purbon/kafka-topology-builder:latest \ - julie-ops-cli.sh \ - --brokers pkc-8vkm7.eu-west-2.aws.confluent.cloud:9092 \ - --clientConfig /example/topology-builder-with-schema-cloud.properties \ - --plans /example/plans.yaml \ - --topology /example/descriptor.yaml -quiet -``` diff --git a/incubator/julieOps/descriptor.yaml b/incubator/julieOps/descriptor.yaml deleted file mode 100644 index c229264..0000000 --- a/incubator/julieOps/descriptor.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -context: "contextOrg" -source: "source" -projects: - - name: "foo" - topics: - - name: "foo" - config: - replication.factor: "3" - num.partitions: "1" - - name: "fooBar" - plan: "silver" - config: - replication.factor: "3" - - name: "barFooBar2" - plan: "gold" - config: - replication.factor: "3" - - name: "bar" - topics: - - dataType: "avro" - name: "bar" - config: - replication.factor: "3" - num.partitions: "1" diff --git a/incubator/julieOps/plans.yaml b/incubator/julieOps/plans.yaml deleted file mode 100644 index 333aaaf..0000000 --- a/incubator/julieOps/plans.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -plans: - gold: - alias: "gold" - config: - retention.ms: "5000" - max.message.bytes: "7340116" - silver: - alias: "silver" - config: - retention.ms: "6000" - max.message.bytes: "524294" diff --git a/incubator/julieOps/topology-builder-with-schema-cloud.properties b/incubator/julieOps/topology-builder-with-schema-cloud.properties deleted file mode 100644 index 9a73b2e..0000000 --- a/incubator/julieOps/topology-builder-with-schema-cloud.properties +++ /dev/null @@ -1,22 +0,0 @@ -bootstrap.servers=pkc-e8mp5.eu-west-1.aws.confluent.cloud:9092 -security.protocol=SASL_SSL -sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="" password=""; -ssl.endpoint.identification.algorithm=https -sasl.mechanism=PLAIN -# Confluent Cloud Schema Registry -schema.registry.url= -basic.auth.credentials.source=USER_INFO -schema.registry.basic.auth.user.info=: -ccloud.environment=env-j9wgp -ccloud.cluster.api.key= -ccloud.cluster.api.secret= -ccloud.cloud.api.key= -ccloud.cloud.api.secret= -topology.builder.ccloud.kafka.cluster.id=lkc-jkz1m -ccloud.cluster.url= -topology.builder.access.control.class = com.purbon.kafka.topology.roles.CCloudAclsProvider -# julie.enable.principal.management = true -# allow.delete.principals = true -# allow.delete.topics = true -# topology.state.cluster.enabled = false -# topology.state.topics.cluster.enabled = false \ No newline at end of file diff --git a/incubator/multi-tenacy/README.md b/incubator/multi-tenacy/README.md index 09c6b58..22b899b 100644 --- a/incubator/multi-tenacy/README.md +++ b/incubator/multi-tenacy/README.md 
@@ -1,17 +1,19 @@ # Multi tenancy Kafka (NICE!) A multi tenant RBAC enabled production Confluent Platform install. This example showcases how large highly regulated enterprises can leverage CFK to securely deploy Kafka As A Service (KAAS) -### Deploy CRDs -Deploy the CRDS using the standard way: -```shell -kubectl apply -k ../../kustomize/crds -``` - -### Deploy Confluent Operator, Confluent Services, two namespaces with tenant topics -Deploy the confluent operator and services: -```shell -kubectl apply -k . -``` +## Features + +| Feature | Enabled | Note | +|:-----------------|:-------:|:-------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | | +| Authorization | ✅ | via LDAP | + ### Using KafkaRestClass in multiple namespaces KafkaRestClass is an abstraction that contains information about address and credentials to enable something to talk to a Kafka REST MDS endpoint. We can use this per tenant to authenticate different users in different namespaces. diff --git a/incubator/multi-tenacy/confluent/control-centre.yaml b/incubator/multi-tenacy/confluent/control-centre.yaml deleted file mode 100644 index 05ca132..0000000 --- a/incubator/multi-tenacy/confluent/control-centre.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ControlCenter
-metadata:
- name: controlcenter
-spec:
- authorization:
- type: rbac
- tls:
- secretRef: tls-group1
- dependencies:
- kafka:
- bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- authentication:
- type: plain
- jaasConfig:
- secretRef: mds-client-connect
- tls:
- enabled: true
- mds:
- endpoint: https://kafka.sandbox.svc.cluster.local:8090
- tokenKeyPair:
- secretRef: mds-public
- authentication:
- type: bearer
- bearer:
- secretRef: mds-client-c3
- tls:
- enabled: true
- connect:
- - name: connect
- url: https://connect.sandbox.svc.cluster.local:8083
- tls:
- enabled: true
- ksqldb:
- - name: ksqldb
- url: https://ksqldb.sandbox.svc.cluster.local:8088
- tls:
- enabled: true
- schemaRegistry:
- url: https://schemaregistry.sandbox.svc.cluster.local:8081
- tls:
- enabled: true
\ No newline at end of file
diff --git a/incubator/multi-tenacy/confluent/kafka.yaml b/incubator/multi-tenacy/confluent/kafka.yaml
deleted file mode 100644
index 406ac78..0000000
--- a/incubator/multi-tenacy/confluent/kafka.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - configOverrides: - server: - - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT - log4j: - - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG - tls: - secretRef: tls-group1 - metricReporter: - enabled: true - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - listeners: - internal: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - external: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: broker-credential - provider: - type: ldap - ldap: - address: ldap://ldap.sandbox.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: broker-credential - tls: - enabled: true - configurations: - groupNameAttribute: cn - groupObjectClass: groupOfNames - groupMemberAttribute: member - groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com - groupSearchBase: ou=groups,dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com - userObjectClass: 
organizationalRole - userSearchBase: ou=users,dc=test,dc=com - dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: broker-credential - zookeeper: - endpoint: zookeeper.sandbox.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: broker-credential - tls: - enabled: true diff --git a/incubator/multi-tenacy/confluent/kustomization.yaml b/incubator/multi-tenacy/confluent/kustomization.yaml index fc5da53..2b2e352 100644 --- a/incubator/multi-tenacy/confluent/kustomization.yaml +++ b/incubator/multi-tenacy/confluent/kustomization.yaml @@ -2,13 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: sandbox resources: - - ldap.yaml - - ../../../kustomize/base/confluent - - ../../../kustomize/base/secrets-tls - - ../../../kustomize/base/secrets-user + - ../../../base/cfk-components/confluent-rbac patchesStrategicMerge: - - zookeeper.yaml - - kafka.yaml - rest-class.yaml - - control-centre.yaml - - schema-registry.yaml \ No newline at end of file diff --git a/incubator/multi-tenacy/confluent/ldap.yaml b/incubator/multi-tenacy/confluent/ldap.yaml deleted file mode 100644 index b0c725e..0000000 --- a/incubator/multi-tenacy/confluent/ldap.yaml +++ /dev/null 
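Review bot: After this hunk of incubator/multi-tenacy/confluent/kustomization.yaml the overlay keeps only `rest-class.yaml` as a patch, so the broker's authorizer settings are no longer pinned here. The deleted kafka.yaml patch set `authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer` and `confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT`; the new `../../../base/cfk-components/confluent-rbac` base is not visible in this part of the diff, so whether it carries the same overrides cannot be confirmed from here. Tenant isolation in this example depends on those settings, so I would state the dependency above the resource entry: `# RBAC authorizer, LDAP provider, TLS and user secrets all come from the confluent-rbac base; only rest-class.yaml is overridden here`.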
@@ -1,170 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ldap - labels: - role: ldap - app: ldap -spec: - containers: - - name: ldap - args: - - --copy-service - - --loglevel=debug - image: osixia/openldap:1.3.0 - ports: - - name: ldap - containerPort: 389 - - name: ldaps - containerPort: 636 - livenessProbe: - tcpSocket: - port: 389 - initialDelaySeconds: 15 - periodSeconds: 20 - env: - - name: LDAP_ORGANISATION - value: "Test Inc." - - name: LDAP_DOMAIN - value: "test.com" - - name: LDAP_ADMIN_PASSWORD - value: "confluentrox" - - name: LDAP_CONFIG_PASSWORD - value: "confluentconfigrox" - - name: LDAP_READONLY_USER - value: "True" - - name: LDAP_READONLY_USER_USERNAME - value: "mds" - - name: LDAP_READONLY_USER_PASSWORD - value: "Developer!" - - name: LDAP_TLS - value: "False" - volumeMounts: - - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom - name: customldif - - mountPath: /var/lib/ldap - name: ldap-data - - mountPath: /etc/ldap/slapd.d - name: ldap-config - volumes: - - name: customldif - configMap: - defaultMode: 420 - name: ldap-ldifs - - name: ldap-data - emptyDir: {} - - name: ldap-config - emptyDir: {} - restartPolicy: Always ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: ldap-ldifs -data: - 0_groups.ldif: |- - dn: ou=groups,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: groups - 0_users.ldif: |- - dn: ou=users,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: users - 1_emmy.ldif: |- - dn: cn=emmy,ou=users,dc=test,dc=com - userPassword: emmy-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. 
- cn: emmy - 1_alice.ldif: |- - dn: cn=alice,ou=users,dc=test,dc=com - userPassword: alice-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Alice is great at changing perspectives, but sometimes chases down rabbit holes - cn: alice - 1_developers.ldif: |- - dn: cn=developers,ou=groups,dc=test,dc=com - objectClass: top - objectClass: groupOfNames - description: A group of software developers and the apps they are responsible for - cn: developers - member: cn=alice,ou=users,dc=test,dc=com - 1_kafka.ldif: |- - dn: cn=kafka,ou=users,dc=test,dc=com - userPassword: kafka-secret - description: kafka user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: kafka - 1_erp.ldif: |- - dn: cn=erp,ou=users,dc=test,dc=com - userPassword: erp-secret - description: erp user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: erp - 1_sr.ldif: |- - dn: cn=sr,ou=users,dc=test,dc=com - userPassword: sr-secret - description: schema registry user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: sr - 1_c3.ldif: |- - dn: cn=c3,ou=users,dc=test,dc=com - userPassword: c3-secret - description: control center user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: c3 - 1_ksql.ldif: |- - dn: cn=ksql,ou=users,dc=test,dc=com - userPassword: ksql-secret - description: ksql user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: ksql - 1_connect.ldif: |- - dn: cn=connect,ou=users,dc=test,dc=com - userPassword: connect-secret - description: connect user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: connect - 1_replicator.ldif: |- - dn: cn=replicator,ou=users,dc=test,dc=com - userPassword: replicator-secret - description: replicator user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: replicator - 1_c3-test.ldif: |- - dn: cn=testadmin,ou=users,dc=test,dc=com - userPassword: 
testadmin - description: testadmin user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: testadmin ---- -apiVersion: v1 -kind: Service -metadata: - name: ldap - labels: - app: ldap -spec: - ports: - - port: 389 - name: ldap - - port: 636 - name: ldaps - clusterIP: None - selector: - app: ldap - - - diff --git a/incubator/multi-tenacy/confluent/zookeeper.yaml b/incubator/multi-tenacy/confluent/zookeeper.yaml deleted file mode 100644 index 73286c2..0000000 --- a/incubator/multi-tenacy/confluent/zookeeper.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - authentication: - type: digest - jaasConfig: - secretRef: zk-credential - tls: - secretRef: tls-group1 diff --git a/incubator/multi-tenacy/kustomization.yaml b/incubator/multi-tenacy/kustomization.yaml index c0afb5c..9cc8f89 100644 --- a/incubator/multi-tenacy/kustomization.yaml +++ b/incubator/multi-tenacy/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - open-policy-agent - confluent - - operator - tenant-a - tenant-b \ No newline at end of file diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/namespace.yaml b/incubator/multi-tenacy/namespace.yaml similarity index 100% rename from incubator/pki-vault--waiting-for-kafka-2.7/namespace.yaml rename to incubator/multi-tenacy/namespace.yaml diff --git a/incubator/multi-tenacy/operator/deployment.yaml b/incubator/multi-tenacy/operator/deployment.yaml deleted file mode 100644 index 705a26c..0000000 --- a/incubator/multi-tenacy/operator/deployment.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: confluent-operator -spec: - template: - spec: - containers: - - args: - - --debug=false - - --namespaces=sandbox,tenant-a,tenant-b - name: confluent-operator 
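Review bot: The new `resources` list in incubator/multi-tenacy/kustomization.yaml gives no hint that the operator is now an external prerequisite with a wider scope. The `operator` entry removed here was the only place this example limited the operator to `--namespaces=sandbox,tenant-a,tenant-b` (the deleted operator/deployment.yaml patch), and GETTING_STARTED.md in this commit deploys the operator cluster-wide instead. For a multi-tenant example that change in watch scope should be recorded where the overlay is applied, for example `# Operator is not part of this overlay: deploy the cluster-wide CFK operator first (see GETTING_STARTED.md)` above `resources:`. The added `namespace.yaml` is a 100% rename from the pki-vault example, so it presumably creates only `sandbox`; it is worth confirming that tenant-a and tenant-b still create their own namespaces.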
diff --git a/incubator/multi-tenacy/operator/kustomization.yaml b/incubator/multi-tenacy/operator/kustomization.yaml
deleted file mode 100644
index ec102c5..0000000
--- a/incubator/multi-tenacy/operator/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: sandbox
-resources:
-- ../../../kustomize/base/operator
-patchesStrategicMerge:
- - deployment.yaml
\ No newline at end of file
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kafka-connect.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kafka-connect.yaml
deleted file mode 100644
index ae8ceb3..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kafka-connect.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: platform.confluent.io/v1beta1
-kind: Connect
-metadata:
- name: connect
-spec:
- tls:
- secretRef: tls-group1
- dependencies:
- kafka:
- bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- tls:
- enabled: true
-
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/ksqldb.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/confluent/ksqldb.yaml
deleted file mode 100644
index 940dca4..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/ksqldb.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: platform.confluent.io/v1beta1
-kind: KsqlDB
-metadata:
- name: ksqldb
-spec:
- tls:
- autoGeneratedCerts: true
- dependencies:
- kafka:
- bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- tls:
- enabled: true
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml
deleted file mode 100644
index 9297396..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/confluent/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-namespace: sandbox
-resources:
-- ../../../kustomize/base/confluent-rbac
-- ../../../kustomize/base/confluent-rbac/secrets
-- service-account-controlcenter.yml
-patchesStrategicMerge:
- - zookeeper.yaml
- - kafka.yaml
- - control-centre.yaml
- - kafka-connect.yaml
- - ksqldb.yaml
- - schema-registry.yaml
\ No newline at end of file
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/kustomization.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/kustomization.yaml
deleted file mode 100644
index e5dc922..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-resources:
- - namespace.yaml
- - confluent
- - operator
-
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/operator/clusterrolebinding.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/operator/clusterrolebinding.yaml
deleted file mode 100644
index 08c3483..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/operator/clusterrolebinding.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: confluent-operator
-subjects:
-- kind: ServiceAccount
- name: confluent-for-kubernetes
- namespace: sandbox
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/operator/deployment.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/operator/deployment.yaml
deleted file mode 100644
index 71998eb..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/operator/deployment.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: confluent-operator
-spec:
- template:
- spec:
- containers:
- - args:
- - --debug=false
- - --namespaces=sandbox
- name: confluent-operator
diff --git a/incubator/pki-vault--waiting-for-kafka-2.7/operator/kustomization.yaml b/incubator/pki-vault--waiting-for-kafka-2.7/operator/kustomization.yaml
deleted file mode 100644
index c3fa8fe..0000000
--- a/incubator/pki-vault--waiting-for-kafka-2.7/operator/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-namespace: sandbox
-resources:
-- ../../../kustomize/base/operator
-patchesStrategicMerge:
- - clusterrolebinding.yaml
- - deployment.yaml
\ No newline at end of file
diff --git a/incubator/replicator/README.md b/incubator/replicator/README.md
deleted file mode 100644
index 69eab44..0000000
--- a/incubator/replicator/README.md
+++ /dev/null
@@ -1,88 +0,0 @@ -# Replicator - -In this scenario example, you'll deploy two Confluent clusters. One is the source cluster, and one is the destination cluster. You'll deploy Confluent Replicator on the destination cluster, where it will copy topic messages from the source cluster and write to the destination cluster. - -1. Generate certificates for source and destination clusters. For this example we are going to include both in a single keystore / truststore. In a production environment these would be individual jks. -```shell - cd resources/certificates - ./generate_certificate.sh replicator-server-domiains.json -``` - -2. Navigate to the replicator directory where the rest of these commands will be run from: -```shell -cd examples/replicator -``` - -3. Deploy the CRDS using the standard way: -```shell -kubectl apply -k ../../kustomize/crds -``` - -3. Deploy the replicator which use Kustomize to pull in the base and example overlays using the following -```shell -kubectl apply -k . -``` - -4. 
Using a tool like [K9s](https://github.com/derailed/k9s) check the status of the pods: -```shell -➜ replicator git:(replicator) ✗ kubectl get pods -A -NAMESPACE NAME READY STATUS RESTARTS AGE -destination controlcenter-0 1/1 Running 3 13m -destination kafka-0 1/1 Running 1 13m -destination kafka-1 1/1 Running 1 13m -destination kafka-2 1/1 Running 1 13m -destination replicator-0 1/1 Running 3 13m -destination schemaregistry-0 1/1 Running 6 13m -destination zookeeper-0 1/1 Running 0 13m -destination zookeeper-1 1/1 Running 0 13m -destination zookeeper-2 1/1 Running 0 13m -kube-system coredns-74ff55c5b-44zs2 1/1 Running 0 172m -kube-system etcd-minikube 1/1 Running 0 172m -kube-system kube-apiserver-minikube 1/1 Running 0 172m -kube-system kube-controller-manager-minikube 1/1 Running 0 172m -kube-system kube-proxy-fnjt5 1/1 Running 0 172m -kube-system kube-scheduler-minikube 1/1 Running 0 172m -kube-system storage-provisioner 1/1 Running 1 172m -sandbox confluent-operator-d4bb8cbd6-qg4dq 1/1 Running 0 14m -sandbox console-producer-0 1/1 Running 1 14m -sandbox kafka-0 1/1 Running 1 13m -sandbox kafka-1 1/1 Running 0 13m -sandbox kafka-2 1/1 Running 0 13m -sandbox zookeeper-0 1/1 Running 0 13m -sandbox zookeeper-1 1/1 Running 0 13m -sandbox zookeeper-2 1/1 Running 0 13m -tools ldap 1/1 Running 1 14m -``` - -5. Instantiate the Replicator Connector instance through the REST interface. You do this by using a JSON configuration file. `replicator.json` contains all the task configuration. To deploy the task simply run the following script: -```shell -./create_replication_job.sh -``` - -** NOTE: It may take sometime for the replicator-0 pod to become 'healthy' when running on a local minikube. 
- -#### Check the status of the Replicator Connector instance -``` -curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k -curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k -``` - -#### To delete the connector: - -``` -curl -u testadmin:testadmin -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k -``` - -### View in Control Center - -To connect and view the control centre you will beed to port forward from the C3 pod using the command below. Log in using username: `test-admin` password `test-admin` click the replicators tab and you should see the job running. -```shell -kubectl port-forward controlcenter-0 9021:9021 --namespace destination -``` - -Open your browser and hit: [https://localhost:9021](https://localhost:9021) -### Validate that it works - -Open Control center, select destination cluster, topic `${topic}_replica` where $topic is the name of the approved topic (whitelist). -You should start seeing messages flowing into the destination topic. - diff --git a/incubator/replicator/destination/control-centre.yaml b/incubator/replicator/destination/control-centre.yaml deleted file mode 100644 index b0f3122..0000000 --- a/incubator/replicator/destination/control-centre.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - authorization: - type: rbac - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.destination.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: mds-client-connect - tls: - enabled: true - mds: - endpoint: https://kafka.destination.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-public - authentication: - type: bearer - bearer: - secretRef: mds-client-c3 - tls: - enabled: true - connect: - - name: replicator - url: https://replicator.destination.svc.cluster.local:8083 - tls: - enabled: true - schemaRegistry: - url: https://schemaregistry.destination.svc.cluster.local:8081 - tls: - enabled: true \ No newline at end of file diff --git a/incubator/replicator/destination/controlcenter-testadmin-rolebindings.yaml b/incubator/replicator/destination/controlcenter-testadmin-rolebindings.yaml deleted file mode 100644 index ceb7c77..0000000 --- a/incubator/replicator/destination/controlcenter-testadmin-rolebindings.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: testadmin-rb -spec: - principal: - type: user - name: testadmin - role: ClusterAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: testadmin-rb-sr -spec: - principal: - type: user - name: testadmin - clustersScopeByIds: - schemaRegistryClusterId: id_schemaregistry_destination - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: testadmin-rb-replicator -spec: - principal: - type: user - name: testadmin - clustersScopeByIds: - connectClusterId: destination.replicator - role: SystemAdmin ---- \ No newline at end of file 
diff --git a/incubator/replicator/destination/controlcentre-c3-rb.yaml b/incubator/replicator/destination/controlcentre-c3-rb.yaml
deleted file mode 100644
index 261520a..0000000
--- a/incubator/replicator/destination/controlcentre-c3-rb.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: c3-rb-replicator
-spec:
- principal:
- type: user
- name: c3
- clustersScopeByIds:
- connectClusterId: destination.replicator
- role: SystemAdmin
----
\ No newline at end of file
diff --git a/incubator/replicator/destination/kafka.yaml b/incubator/replicator/destination/kafka.yaml
deleted file mode 100644
index 290e32c..0000000
--- a/incubator/replicator/destination/kafka.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - configOverrides: - server: - - confluent.schema.registry.url=https://schemaregistry.destination.svc.cluster.local:8081 - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - tls: - secretRef: tls-group1 - metricReporter: - enabled: true - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - listeners: - internal: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - external: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: broker-credential - provider: - type: ldap - ldap: - address: ldap://ldap.sandbox.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: broker-credential - tls: - enabled: true - configurations: - groupNameAttribute: cn - groupObjectClass: groupOfNames - groupMemberAttribute: member - groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com - groupSearchBase: ou=groups,dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com - userObjectClass: organizationalRole - userSearchBase: ou=users,dc=test,dc=com - dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: broker-credential - zookeeper: - endpoint: zookeeper.destination.svc.cluster.local:2182 - authentication: - 
type: digest - jaasConfig: - secretRef: broker-credential - tls: - enabled: true diff --git a/incubator/replicator/destination/kustomization.yaml b/incubator/replicator/destination/kustomization.yaml deleted file mode 100644 index 018f9b9..0000000 --- a/incubator/replicator/destination/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: destination -resources: -- namespace.yaml -- ../../../kustomize/base/confluent-rbac -- ../../../kustomize/base/confluent-rbac/secrets -- ../../../kustomize/base/secrets-user -- replicator.yaml -- controlcentre-c3-rb.yaml -- replicator-rb.yaml -- schemaregistry-base.yaml -- controlcenter-testadmin-rolebindings.yaml -patchesStrategicMerge: - - rest-class.yaml - - zookeeper.yaml - - kafka.yaml - - schema-registry.yaml - - control-centre.yaml \ No newline at end of file diff --git a/incubator/replicator/destination/rest-class.yaml b/incubator/replicator/destination/rest-class.yaml deleted file mode 100644 index 56ea65d..0000000 --- a/incubator/replicator/destination/rest-class.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: rest-credential \ No newline at end of file diff --git a/incubator/replicator/destination/schema-registry.yaml b/incubator/replicator/destination/schema-registry.yaml deleted file mode 100644 index 8875723..0000000 --- a/incubator/replicator/destination/schema-registry.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: schemaregistry -spec: - authorization: - type: rbac - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.destination.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: mds-client-sr - tls: - enabled: true - mds: - endpoint: https://kafka.destination.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-public - authentication: - type: bearer - bearer: - secretRef: mds-client-sr - tls: - enabled: true \ No newline at end of file diff --git a/incubator/replicator/destination/schemaregistry-base.yaml b/incubator/replicator/destination/schemaregistry-base.yaml deleted file mode 100644 index 14b25be..0000000 --- a/incubator/replicator/destination/schemaregistry-base.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-base -spec: - clustersScopeByIds: - schemaRegistryClusterId: id_schemaregistry_destination # id_. - principal: - name: sr - type: user - role: SecurityAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-mds-client-resources-base -spec: - principal: - name: sr - type: user - resourcePatterns: - - name: _confluent-license - patternType: LITERAL - resourceType: Topic - - name: _schemas_schemaregistry_destination - patternType: LITERAL - resourceType: Topic - - name: id_schemaregistry_destination - patternType: LITERAL - resourceType: Group - role: ResourceOwner \ No newline at end of file diff --git a/incubator/replicator/destination/zookeeper.yaml b/incubator/replicator/destination/zookeeper.yaml deleted file mode 100644 index 73286c2..0000000 --- a/incubator/replicator/destination/zookeeper.yaml +++ /dev/null 
@@ -1,11 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: Zookeeper
-metadata:
- name: zookeeper
-spec:
- authentication:
- type: digest
- jaasConfig:
- secretRef: zk-credential
- tls:
- secretRef: tls-group1
diff --git a/incubator/replicator/operator/deployment.yaml b/incubator/replicator/operator/deployment.yaml
deleted file mode 100644
index 1e11ffe..0000000
--- a/incubator/replicator/operator/deployment.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: confluent-operator
-spec:
- template:
- spec:
- containers:
- - args:
- - --debug=false
- - --namespaces=sandbox,destination
- name: confluent-operator
diff --git a/incubator/replicator/operator/kustomization.yaml b/incubator/replicator/operator/kustomization.yaml
deleted file mode 100644
index ec102c5..0000000
--- a/incubator/replicator/operator/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: sandbox
-resources:
-- ../../../kustomize/base/operator
-patchesStrategicMerge:
- - deployment.yaml
\ No newline at end of file
diff --git a/incubator/replicator/source/kafka.yaml b/incubator/replicator/source/kafka.yaml
deleted file mode 100644
index a4a90ae..0000000
--- a/incubator/replicator/source/kafka.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - configOverrides: - server: - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - tls: - secretRef: tls-group1 - metricReporter: - enabled: true - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - listeners: - internal: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - external: - authentication: - type: plain - jaasConfigPassThrough: - secretRef: broker-credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: broker-credential - provider: - type: ldap - ldap: - address: ldap://ldap.sandbox.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: broker-credential - tls: - enabled: true - configurations: - groupNameAttribute: cn - groupObjectClass: groupOfNames - groupMemberAttribute: member - groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com - groupSearchBase: ou=groups,dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com - userObjectClass: organizationalRole - userSearchBase: ou=users,dc=test,dc=com - dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: broker-credential - zookeeper: - endpoint: zookeeper.sandbox.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: broker-credential - tls: - enabled: true 
diff --git a/incubator/replicator/source/kustomization.yaml b/incubator/replicator/source/kustomization.yaml deleted file mode 100644 index bdbcf8f..0000000 --- a/incubator/replicator/source/kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sandbox -resources: -- ldap.yaml -- namespace.yaml -- ../../../kustomize/base/confluent-rbac -- ../../../kustomize/base/confluent-rbac/secrets -- ../../../kustomize/base/secrets-user -- source-topic.yaml -patchesStrategicMerge: - - rest-class.yaml - - zookeeper.yaml - - kafka.yaml diff --git a/incubator/replicator/source/ldap.yaml b/incubator/replicator/source/ldap.yaml deleted file mode 100644 index ad64007..0000000 --- a/incubator/replicator/source/ldap.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ldap - labels: - role: ldap - app: ldap -spec: - containers: - - name: ldap - args: - - --copy-service - - --loglevel=debug - image: osixia/openldap:1.3.0 - ports: - - name: ldap - containerPort: 389 - - name: ldaps - containerPort: 636 - livenessProbe: - tcpSocket: - port: 389 - initialDelaySeconds: 15 - periodSeconds: 20 - env: - - name: LDAP_ORGANISATION - value: "Test Inc." - - name: LDAP_DOMAIN - value: "test.com" - - name: LDAP_ADMIN_PASSWORD - value: "confluentrox" - - name: LDAP_CONFIG_PASSWORD - value: "confluentconfigrox" - - name: LDAP_READONLY_USER - value: "True" - - name: LDAP_READONLY_USER_USERNAME - value: "mds" - - name: LDAP_READONLY_USER_PASSWORD - value: "Developer!" - - name: LDAP_TLS - value: "False" - volumeMounts: - - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom - name: customldif - - mountPath: /var/lib/ldap - name: ldap-data - - mountPath: /etc/ldap/slapd.d - name: ldap-config - volumes: - - name: customldif - configMap: - defaultMode: 420 - name: ldap-ldifs - - name: ldap-data - emptyDir: {} - - name: ldap-config - emptyDir: {} - - restartPolicy: Always ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: ldap-ldifs -data: - 0_groups.ldif: |- - dn: ou=groups,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: groups - 0_users.ldif: |- - dn: ou=users,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: users - 1_emmy.ldif: |- - dn: cn=emmy,ou=users,dc=test,dc=com - userPassword: emmy-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. 
- cn: emmy - 1_alice.ldif: |- - dn: cn=alice,ou=users,dc=test,dc=com - userPassword: alice-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Alice is great at changing perspectives, but sometimes chases down rabbit holes - cn: alice - 1_developers.ldif: |- - dn: cn=developers,ou=groups,dc=test,dc=com - objectClass: top - objectClass: groupOfNames - description: A group of software developers and the apps they are responsible for - cn: developers - member: cn=emmy,ou=users,dc=test,dc=com - member: cn=alice,ou=users,dc=test,dc=com - 1_kafka.ldif: |- - dn: cn=kafka,ou=users,dc=test,dc=com - userPassword: kafka-secret - description: kafka user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: kafka - 1_erp.ldif: |- - dn: cn=erp,ou=users,dc=test,dc=com - userPassword: erp-secret - description: erp user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: erp - 1_sr.ldif: |- - dn: cn=sr,ou=users,dc=test,dc=com - userPassword: sr-secret - description: schema registry user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: sr - 1_c3.ldif: |- - dn: cn=c3,ou=users,dc=test,dc=com - userPassword: c3-secret - description: control center user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: c3 - 1_ksql.ldif: |- - dn: cn=ksql,ou=users,dc=test,dc=com - userPassword: ksql-secret - description: ksql user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: ksql - 1_connect.ldif: |- - dn: cn=connect,ou=users,dc=test,dc=com - userPassword: connect-secret - description: connect user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: connect - 1_replicator.ldif: |- - dn: cn=replicator,ou=users,dc=test,dc=com - userPassword: replicator-secret - description: replicator user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: replicator - 1_c3-test.ldif: |- - dn: 
cn=testadmin,ou=users,dc=test,dc=com - userPassword: testadmin - description: testadmin user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: testadmin ---- -apiVersion: v1 -kind: Service -metadata: - name: ldap - labels: - app: ldap -spec: - ports: - - port: 389 - name: ldap - - port: 636 - name: ldaps - clusterIP: None - selector: - app: ldap - - - diff --git a/incubator/replicator/source/zookeeper.yaml b/incubator/replicator/source/zookeeper.yaml deleted file mode 100644 index 73286c2..0000000 --- a/incubator/replicator/source/zookeeper.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - authentication: - type: digest - jaasConfig: - secretRef: zk-credential - tls: - secretRef: tls-group1 diff --git a/incubator/schema-registry-linking/README.md b/incubator/schema-registry-linking/README.md new file mode 100644 index 0000000..d05b61f --- /dev/null +++ b/incubator/schema-registry-linking/README.md 
@@ -0,0 +1,83 @@ +# Basic Deployment +This example deploys a basic deployment. No RBAC/LDAP. Just a single topic 'foobar' is added as part of the pipeline. + + +| Feature | Enabled | Note | +|:-----------------|:-------:|:-------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | | +| Authorization | ✅ | via LDAP | + + +### Deploy CRDs +Deploy the CRDS using the standard way: +```shell +kubectl apply -k ../../base/crds +``` +### Deploy Confluent Operator and Confluent Services +Deploy the confluent operator and services: +```shell +kubectl apply -k . +``` + +### Forward ports locally. +#### Source Kafka +Minikube:source:kafka:9071 -> localhost:9071 +#### Source SchemaRegistry +Minikube:source:schemaregistry:9081 -> localhost:9081 +#### Source Kafka +Minikube:destination:kafka:9071 -> localhost:9072 +#### Source Kafka +Minikube:source:schemaregistry:9081 -> localhost:9082 + +```shell + +kubectl port-forward kafka-0 9071:9071 --namespace source +``` +kubectl port-forward \ +$(kubectl get pods -n source -l statefulset.kubernetes.io/pod-name:kafka-0 -o name) \ +:9071 -n source \ +&& \ +kubectl port-forward \ +$(kubectl get pods -n source -l app.kubernetes.io/component=grafana -o name) \ +:9071 -n source \ +&& \ +kubectl port-forward \ +$(kubectl get pods -n source -l app.kubernetes.io/component=grafana -o name) \ +9071 -n source +&& \ +kubectl port-forward \ +$(kubectl get pods -n source -l app.kubernetes.io/component=grafana -o name) \ +9071 -n source + +``` + +### Query schema Registry + +[//]: # (TODO Port forward Production Schema Registry - 8081) +[//]: # (TODO Port forward Production Kafka Broker - 9092) + +``` +curl -k -X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" \ + --data '{"schema": "{\"type\": \"string\"}"}' \ + https://localhost:8081/subjects/im-a-source-schema/versions +``` + + + 
+``` +curl -k -X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" \ + --data '{"schema": "{\"type\": \"string\"}"}' \ + https://localhost:8082/subjects/im-a-desgination-schema/versions +```10.109.90.121 + +`curl -k -X GET https://10.109.90.121:8081/subjects` + +`curl -k -X GET https://localhost:8082/subjects` + +#TODO - how will \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/base/confluent/control-centre.yaml b/incubator/schema-registry-linking/environments/base/confluent/control-centre.yaml new file mode 100644 index 0000000..7bd8a58 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/confluent/control-centre.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + replicas: 1 + podTemplate: + probe: + liveness: + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 500 + image: + application: confluentinc/cp-enterprise-control-center:7.1.0 + init: confluentinc/confluent-init-container:2.2.0 + dataVolumeCapacity: 10Gi + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka:9071 + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry:8081 + tls: + enabled: true diff --git a/base/cfk-components/confluent-no-auth/kafka.yaml b/incubator/schema-registry-linking/environments/base/confluent/kafka.yaml similarity index 91% rename from base/cfk-components/confluent-no-auth/kafka.yaml rename to incubator/schema-registry-linking/environments/base/confluent/kafka.yaml index 4527817..c80cfd4 100644 --- a/base/cfk-components/confluent-no-auth/kafka.yaml +++ b/incubator/schema-registry-linking/environments/base/confluent/kafka.yaml @@ -5,7 +5,7 @@ metadata: spec: replicas: 3 image: - application: confluentinc/cp-server:7.0.1 + application: confluentinc/cp-server:7.1.0 init: confluentinc/confluent-init-container:2.2.0 dataVolumeCapacity: 10Gi configOverrides: 
diff --git a/incubator/schema-registry-linking/environments/base/confluent/kustomization.yaml b/incubator/schema-registry-linking/environments/base/confluent/kustomization.yaml new file mode 100644 index 0000000..8f77ba6 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/confluent/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - zookeeper.yaml + - kafka.yaml + - control-centre.yaml +# - rest-class.yaml + - schema-registry.yaml + diff --git a/incubator/argo-cd/environments/base/confluent/rest-class.yaml b/incubator/schema-registry-linking/environments/base/confluent/rest-class.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/rest-class.yaml rename to incubator/schema-registry-linking/environments/base/confluent/rest-class.yaml diff --git a/base/cfk-components/confluent-no-auth/schmea-registry/schema-registry.yaml b/incubator/schema-registry-linking/environments/base/confluent/schema-registry.yaml similarity index 84% rename from base/cfk-components/confluent-no-auth/schmea-registry/schema-registry.yaml rename to incubator/schema-registry-linking/environments/base/confluent/schema-registry.yaml index 52b5ada..f86b9cc 100644 --- a/base/cfk-components/confluent-no-auth/schmea-registry/schema-registry.yaml +++ b/incubator/schema-registry-linking/environments/base/confluent/schema-registry.yaml @@ -5,7 +5,7 @@ metadata: spec: replicas: 1 image: - application: confluentinc/cp-schema-registry:7.0.1 + application: confluentinc/cp-schema-registry:7.1.0 init: confluentinc/confluent-init-container:2.2.0 tls: autoGeneratedCerts: true 
diff --git a/base/cfk-components/confluent-no-auth/zookeeper.yaml b/incubator/schema-registry-linking/environments/base/confluent/zookeeper.yaml similarity index 83% rename from base/cfk-components/confluent-no-auth/zookeeper.yaml rename to incubator/schema-registry-linking/environments/base/confluent/zookeeper.yaml index 26d4142..004a663 100644 --- a/base/cfk-components/confluent-no-auth/zookeeper.yaml +++ b/incubator/schema-registry-linking/environments/base/confluent/zookeeper.yaml @@ -5,7 +5,7 @@ metadata: spec: replicas: 3 image: - application: confluentinc/cp-zookeeper:7.0.1 + application: confluentinc/cp-zookeeper:7.1.0 init: confluentinc/confluent-init-container:2.2.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi diff --git a/incubator/argo-cd/environments/base/kustomization.yaml b/incubator/schema-registry-linking/environments/base/kustomization.yaml similarity index 100% rename from incubator/argo-cd/environments/base/kustomization.yaml rename to incubator/schema-registry-linking/environments/base/kustomization.yaml diff --git a/incubator/schema-registry-linking/environments/base/secrets/README.md b/incubator/schema-registry-linking/environments/base/secrets/README.md new file mode 100644 index 0000000..4d9b4b5 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/secrets/README.md @@ -0,0 +1,2 @@ +kubectl create secret generic password-encoder-secret \ + --from-file=password-encoder.txt=./password-encoder.txt -o yaml > password-encoder-secret.yaml \ No newline at end of file diff --git a/incubator/argo-cd/environments/base/secrets/ca-pair-sslcerts.yaml b/incubator/schema-registry-linking/environments/base/secrets/ca-pair-sslcerts.yaml similarity index 100% rename from incubator/argo-cd/environments/base/secrets/ca-pair-sslcerts.yaml rename to incubator/schema-registry-linking/environments/base/secrets/ca-pair-sslcerts.yaml 
diff --git a/incubator/schema-registry-linking/environments/base/secrets/kustomization.yaml b/incubator/schema-registry-linking/environments/base/secrets/kustomization.yaml new file mode 100644 index 0000000..1becf02 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/secrets/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ca-pair-sslcerts.yaml + - sealed-credential-source.yaml + - password-encoder-secret.yaml + - mds-public.yaml diff --git a/incubator/argo-cd/environments/base/secrets/mds-public.yaml b/incubator/schema-registry-linking/environments/base/secrets/mds-public.yaml similarity index 100% rename from incubator/argo-cd/environments/base/secrets/mds-public.yaml rename to incubator/schema-registry-linking/environments/base/secrets/mds-public.yaml diff --git a/incubator/schema-registry-linking/environments/base/secrets/password-encoder-secret.yaml b/incubator/schema-registry-linking/environments/base/secrets/password-encoder-secret.yaml new file mode 100644 index 0000000..a178e3d --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/secrets/password-encoder-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + password-encoder.txt: cGFzc3dvcmQ9c2VjcmV0Zm9vYmFyCm9sZFBhc3N3b3JkPWZvb2JhcjI= +kind: Secret +metadata: + name: password-encoder-secret +type: Opaque diff --git a/incubator/schema-registry-linking/environments/base/secrets/password-encoder.txt b/incubator/schema-registry-linking/environments/base/secrets/password-encoder.txt new file mode 100644 index 0000000..f7b91e4 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/secrets/password-encoder.txt @@ -0,0 +1,2 @@ +password=secretfoobar +oldPassword=foobar2 \ No newline at end of file 
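Review bot: password-encoder-secret.yaml commits the password-encoder value to the repository: `data.password-encoder.txt` is only base64-encoded, and the plaintext source `password-encoder.txt` is added next to it in the same directory. The same manifest is copied into `environments/destination` and `environments/source`, and `clusterlink-encoder-secret.yaml` in both environments has the same problem. The `.gitignore` change in this commit covers `aws.credentials` but not these files. I would add `password-encoder.txt` to `.gitignore` and either produce the Secret at deploy time (for example with a kustomize `secretGenerator` reading an untracked file) or commit it only in sealed or encrypted form. The values are now in history, so treat them as disclosed and do not reuse them outside the demo.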
diff --git a/incubator/schema-registry-linking/environments/base/secrets/sealed-credential-source.yaml b/incubator/schema-registry-linking/environments/base/secrets/sealed-credential-source.yaml new file mode 100644 index 0000000..beb7a76 --- /dev/null +++ b/incubator/schema-registry-linking/environments/base/secrets/sealed-credential-source.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK + plain-jaas.conf: c2FzbC5qYWFzLmNvbmZpZz1vcmcuYXBhY2hlLmthZmthLmNvbW1vbi5zZWN1cml0eS5wbGFpbi5QbGFpbkxvZ2luTW9kdWxlIHJlcXVpcmVkIHVzZXJuYW1lPSJrYWZrYSIgcGFzc3dvcmQ9ImthZmthLXNlY3JldCI7 +kind: Secret +metadata: + creationTimestamp: null + name: sealed-credential diff --git a/incubator/schema-registry-linking/environments/destination/cluster-link-rest-class.yaml b/incubator/schema-registry-linking/environments/destination/cluster-link-rest-class.yaml new file mode 100644 index 0000000..7b27222 --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/cluster-link-rest-class.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: destination-kafka-rest +spec: + kafkaClusterRef: + name: kafka + kafkaRest: + endpoint: http://kafka.destination.svc.cluster.local:8090 \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/destination/cluster-link.yaml b/incubator/schema-registry-linking/environments/destination/cluster-link.yaml new file mode 100644 index 0000000..88fde7f --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/cluster-link.yaml 
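Review bot: sealed-credential-source.yaml is named as if it were sealed, but the manifest is a plain `kind: Secret`. Its `bearer.txt`, `basic.txt`, `ldap.txt` and `plain-jaas.conf` entries are only base64-encoded, which anyone with read access to the repository can reverse. Either commit a real sealed resource here (a Bitnami `SealedSecret` produced by `kubeseal`, if that is the tool the name refers to; the diff does not say) or drop "sealed" from the file and resource name so nobody assumes the file is safe to publish. The `creationTimestamp: null` line looks like leftover generator output and can be removed.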
@@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ClusterLink +metadata: + name: clusterlink-demo +spec: + destinationKafkaCluster: + kafkaRestClassRef: + name: destination-kafka-rest + namespace: destination + sourceKafkaCluster: + bootstrapEndpoint: kafka.source.svc.cluster.local:9071 + kafkaRestClassRef: + name: source-kafka-rest + namespace: source + mirrorTopics: + - name: sr-linking-topic-demo-sources diff --git a/incubator/schema-registry-linking/environments/destination/clusterlink-encoder-secret.yaml b/incubator/schema-registry-linking/environments/destination/clusterlink-encoder-secret.yaml new file mode 100644 index 0000000..af6c51e --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/clusterlink-encoder-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + clusterlink_encoder_secret: c2VjcmV0PXNlY3JldA== +kind: Secret +metadata: + name: clusterlink-encoder-secret +type: Opaque diff --git a/incubator/schema-registry-linking/environments/destination/control-centre.yaml b/incubator/schema-registry-linking/environments/destination/control-centre.yaml new file mode 100644 index 0000000..d1485aa --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/control-centre.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + externalAccess: + type: loadBalancer + loadBalancer: + domain: oso-c3 + port: 9021 + dependencies: + connect: null + ksqldb: null + schemaRegistry: + url: http://schemaregistry:8081 + diff --git a/incubator/schema-registry-linking/environments/destination/kafka.yaml b/incubator/schema-registry-linking/environments/destination/kafka.yaml new file mode 100644 index 0000000..d0ea70c --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/kafka.yaml 
@@ -0,0 +1,19 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + mountedSecrets: + - secretRef: clusterlink-encoder-secret + configOverrides: + server: + - confluent.cluster.link.enable=true + - password.encoder.secret=${file:/mnt/secrets/clusterlink-encoder-secret/clusterlink_encoder_secret:secret} + listeners: + external: + externalAccess: + type: loadBalancer + loadBalancer: + brokerPrefix: destination + bootstrapPrefix: destination + domain: oso-destination \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/destination/kustomization.yaml b/incubator/schema-registry-linking/environments/destination/kustomization.yaml new file mode 100644 index 0000000..e86f44f --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: destination +resources: + - namespace.yaml + - ../../../../base/cfk-components/confluent-no-auth-no-tls + - ../../../../base/cfk-components/confluent-no-auth-no-tls/schmea-registry + - cluster-link-rest-class.yaml + - sr-linking-topic-demo.yaml + - cluster-link.yaml + - clusterlink-encoder-secret.yaml + - password-encoder-secret.yaml +patchesStrategicMerge: + - kafka.yaml +# - control-centre.yaml \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/destination/namespace.yaml b/incubator/schema-registry-linking/environments/destination/namespace.yaml new file mode 100644 index 0000000..24dde51 --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: destination diff --git a/incubator/schema-registry-linking/environments/destination/password-encoder-secret.yaml b/incubator/schema-registry-linking/environments/destination/password-encoder-secret.yaml new file mode 100644 index 0000000..a178e3d 
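Review bot: The `external` listener in destination/kafka.yaml is published through `externalAccess.type: loadBalancer`, while the destination overlay builds on `base/cfk-components/confluent-no-auth-no-tls`, which by its name has neither authentication nor TLS (the base itself is not in this diff). That would put an unauthenticated plaintext broker on a load-balancer address. `environments/source/kafka.yaml` and `environments/source/schema-registry.yaml` do the same, and the KafkaRestClass and SchemaExporter endpoints are `http://`. The README added in this commit lists TLS encryption, authentication and authorization as enabled, which does not match these overlays. I would either keep the demo on internal listeners with port-forwarding, or correct the README table, e.g. `| TLS Encryption | ❌ | demo only, keep on a private network |`.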
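Review bot: `environments/destination/schema-registry.yaml` is added by this commit, but `patchesStrategicMerge` in destination/kustomization.yaml lists only `kafka.yaml`. Its `passwordEncoder`, `enableSchemaExporter` and `externalAccess` settings are therefore not applied to the destination registry, whereas the source overlay does list `schema-registry.yaml`. `password-encoder-secret.yaml` is already under `resources`, which suggests the patch was meant to be active; if so, add `- schema-registry.yaml` under `patchesStrategicMerge`. If it is intentionally off, a commented entry with a reason (like the existing `# - control-centre.yaml` line) or removing the file avoids a dead manifest.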
--- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/password-encoder-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + password-encoder.txt: cGFzc3dvcmQ9c2VjcmV0Zm9vYmFyCm9sZFBhc3N3b3JkPWZvb2JhcjI= +kind: Secret +metadata: + name: password-encoder-secret +type: Opaque diff --git a/incubator/schema-registry-linking/environments/destination/schema-registry.yaml b/incubator/schema-registry-linking/environments/destination/schema-registry.yaml new file mode 100644 index 0000000..21a516b --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/schema-registry.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + passwordEncoder: + secretRef: password-encoder-secret + enableSchemaExporter: true + externalAccess: + type: loadBalancer + loadBalancer: + domain: oso-destination \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/destination/sr-linking-topic-demo.yaml b/incubator/schema-registry-linking/environments/destination/sr-linking-topic-demo.yaml new file mode 100644 index 0000000..6d57fbe --- /dev/null +++ b/incubator/schema-registry-linking/environments/destination/sr-linking-topic-demo.yaml @@ -0,0 +1,11 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: sr-linking-topic-demo-destination +spec: + replicas: 3 + partitionCount: 4 + configs: + cleanup.policy: "delete" + kafkaRestClassRef: + name: destination-kafka-rest \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/kustomization.yaml b/incubator/schema-registry-linking/environments/kustomization.yaml new file mode 100644 index 0000000..618cb86 --- /dev/null +++ b/incubator/schema-registry-linking/environments/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - source + - destination 
diff --git a/incubator/schema-registry-linking/environments/source/clusterlink-encoder-secret.yaml b/incubator/schema-registry-linking/environments/source/clusterlink-encoder-secret.yaml new file mode 100644 index 0000000..af6c51e --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/clusterlink-encoder-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + clusterlink_encoder_secret: c2VjcmV0PXNlY3JldA== +kind: Secret +metadata: + name: clusterlink-encoder-secret +type: Opaque diff --git a/incubator/schema-registry-linking/environments/source/kafka.yaml b/incubator/schema-registry-linking/environments/source/kafka.yaml new file mode 100644 index 0000000..6c598bd --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/kafka.yaml @@ -0,0 +1,24 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + mountedSecrets: + - secretRef: clusterlink-encoder-secret + configOverrides: + server: + - confluent.cluster.link.enable=true + - password.encoder.secret=${file:/mnt/secrets/clusterlink-encoder-secret/clusterlink_encoder_secret:secret} +# - confluent.schema.registry.url=http://schemaregistry.source.svc.cluster.local:8081 + listeners: + external: + externalAccess: + type: loadBalancer + loadBalancer: + brokerPrefix: source + bootstrapPrefix: source + domain: oso-source + + + + diff --git a/incubator/schema-registry-linking/environments/source/kustomization.yaml b/incubator/schema-registry-linking/environments/source/kustomization.yaml new file mode 100644 index 0000000..c0711bc --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/kustomization.yaml 
@@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: source +resources: + - ../../../../base/cfk-components/confluent-no-auth-no-tls + - ../../../../base/cfk-components/confluent-no-auth-no-tls/schmea-registry + - namespace.yaml + - schema-exporter.yaml + - sr-linking-topic-demo.yaml + - source-rest-class.yaml + - password-encoder-secret.yaml + - clusterlink-encoder-secret.yaml +patchesStrategicMerge: + - kafka.yaml + - schema-registry.yaml \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/source/namespace.yaml b/incubator/schema-registry-linking/environments/source/namespace.yaml new file mode 100644 index 0000000..6163026 --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: source diff --git a/incubator/schema-registry-linking/environments/source/password-encoder-secret.yaml b/incubator/schema-registry-linking/environments/source/password-encoder-secret.yaml new file mode 100644 index 0000000..a178e3d --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/password-encoder-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + password-encoder.txt: cGFzc3dvcmQ9c2VjcmV0Zm9vYmFyCm9sZFBhc3N3b3JkPWZvb2JhcjI= +kind: Secret +metadata: + name: password-encoder-secret +type: Opaque diff --git a/incubator/schema-registry-linking/environments/source/schema-exporter.yaml b/incubator/schema-registry-linking/environments/source/schema-exporter.yaml new file mode 100644 index 0000000..fbad59a --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/schema-exporter.yaml 
@@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaExporter +metadata: + name: schema-exporter-demo +spec: + sourceCluster: + schemaRegistryRest: + endpoint: http://schemaregistry.source.svc.cluster.local:8081 + destinationCluster: + schemaRegistryRest: + endpoint: http://schemaregistry.destination.svc.cluster.local:8081 +# subjects: --- [5] +# subjectRenameFormat: --- [6] +# contextType: --- [7] +# contextName: --- [8] +# configs: --- [9] \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/source/schema-registry.yaml b/incubator/schema-registry-linking/environments/source/schema-registry.yaml new file mode 100644 index 0000000..6a76a99 --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/schema-registry.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + passwordEncoder: + secretRef: password-encoder-secret + enableSchemaExporter: true + externalAccess: + type: loadBalancer + loadBalancer: + domain: oso-source \ No newline at end of file diff --git a/incubator/schema-registry-linking/environments/source/source-rest-class.yaml b/incubator/schema-registry-linking/environments/source/source-rest-class.yaml new file mode 100644 index 0000000..e90afde --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/source-rest-class.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: source-kafka-rest +spec: + kafkaClusterRef: + name: kafka + kafkaRest: + endpoint: http://kafka.source.svc.cluster.local:8090 diff --git a/incubator/schema-registry-linking/environments/source/sr-linking-topic-demo.yaml b/incubator/schema-registry-linking/environments/source/sr-linking-topic-demo.yaml new file mode 100644 index 0000000..d2ee303 --- /dev/null +++ b/incubator/schema-registry-linking/environments/source/sr-linking-topic-demo.yaml 
@@ -0,0 +1,11 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: KafkaTopic
+metadata:
+ name: sr-linking-topic-demo-sources
+spec:
+ replicas: 3
+ partitionCount: 4
+ configs:
+ cleanup.policy: "delete"
+ kafkaRestClassRef:
+ name: source-kafka-rest
\ No newline at end of file
diff --git a/incubator/schema-registry-linking/kustomization.yaml b/incubator/schema-registry-linking/kustomization.yaml
new file mode 100644
index 0000000..5897096
--- /dev/null
+++ b/incubator/schema-registry-linking/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- environments
+
+
+
diff --git a/incubator/schema-registry-linking/testing/Dockerfile-producer b/incubator/schema-registry-linking/testing/Dockerfile-producer
new file mode 100644
index 0000000..dad3178
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/Dockerfile-producer
@@ -0,0 +1,8 @@
+FROM python:3.8
+WORKDIR /app
+COPY requirements.txt requirements.txt
+RUN pip3 install -r requirements.txt
+COPY . .
+
+CMD [ "python3", "sr-linking-producer.py"]
+
diff --git a/incubator/schema-registry-linking/testing/avro/sr-linking-schema-demo.avsc b/incubator/schema-registry-linking/testing/avro/sr-linking-schema-demo.avsc
new file mode 100644
index 0000000..27e83b7
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/avro/sr-linking-schema-demo.avsc
@@ -0,0 +1,19 @@
+{
+ "namespace": "io.srlinking.demo",
+ "type": "record",
+ "name": "CreateUserRequest",
+ "fields": [
+ {
+ "name": "email",
+ "type": "string"
+ },
+ {
+ "name": "firstName",
+ "type": "string"
+ },
+ {
+ "name": "lastName",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/incubator/schema-registry-linking/testing/requirements.txt b/incubator/schema-registry-linking/testing/requirements.txt
new file mode 100644
index 0000000..c5a78fa
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/requirements.txt
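Review bot: Dockerfile-producer never switches away from root: there is no `USER` instruction after `FROM python:3.8`, so `sr-linking-producer.py` and everything pip installed run as uid 0 in the container. Adding `RUN useradd --create-home app` and `USER app` before `CMD` is enough for this script. `COPY . .` also copies the whole build context, including the `__pycache__/*.pyc` files this commit adds. A `.dockerignore` (and a `__pycache__/` entry in `.gitignore`) would keep those out, and `pip3 install --no-cache-dir -r requirements.txt` keeps the pip cache out of the layer.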
@@ -0,0 +1,4 @@
+avro
+confluent-kafka
+randomname
+requests
\ No newline at end of file
diff --git a/incubator/schema-registry-linking/testing/sr-linking-consumer.py b/incubator/schema-registry-linking/testing/sr-linking-consumer.py
new file mode 100644
index 0000000..9fd3a7d
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/sr-linking-consumer.py
@@ -0,0 +1,29 @@
+from confluent_kafka import DeserializingConsumer
+from confluent_kafka.schema_registry import SchemaRegistryClient
+from confluent_kafka.schema_registry.avro import AvroDeserializer
+from confluent_kafka.serialization import StringDeserializer
+
+schema_file = 'sr-linking-schema-demo.avsc'
+schema_registry = 'http://schemaregistry-bootstrap-lb:80'
+bootstrap_servers = 'kafka-bootstrap-lb:9092'
+topic = 'sr-linking-topic-demo-sources'
+
+def consume_record():
+ sr_conf = {'url': schema_registry}
+ schema_registry_client = SchemaRegistryClient(sr_conf)
+
+ avro_deserializer = AvroDeserializer(schema_registry_client,
+ schema_str,
+ dict_to_user)
+ string_deserializer = StringDeserializer('utf_8')
+
+ consumer_conf = {'bootstrap.servers': bootstrap_servers,
+ 'key.deserializer': string_deserializer,
+ 'value.deserializer': avro_deserializer,
+ 'group.id': args.group,
+ 'auto.offset.reset': "earliest"}
+
+
+if __name__ == "__main__":
+ consume_record()
+
diff --git a/incubator/schema-registry-linking/testing/sr-linking-producer.py b/incubator/schema-registry-linking/testing/sr-linking-producer.py
new file mode 100644
index 0000000..0666a08
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/sr-linking-producer.py
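Review bot: None of the four entries in requirements.txt carries a version, so each build of the producer image installs whatever is newest on the index at that moment. That makes the demo unreproducible and widens exposure to a bad or hijacked release. Pin each one, e.g. `confluent-kafka==<VERSION>`, ideally from a compiled lock file installed with `pip install --require-hashes -r requirements.txt`. Separately, `sr-linking-consumer.py` imports `confluent_kafka.schema_registry.avro`, which as far as I know needs `fastavro`; that package is not listed, so `confluent-kafka[avro]==<VERSION>` may be what is wanted instead of the bare package.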
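Review bot: `consume_record()` in sr-linking-consumer.py cannot run as written: `schema_str`, `dict_to_user` and `args` are never defined in this file, so the first call raises NameError. Even with them defined, the function only builds `consumer_conf`; no `DeserializingConsumer` is created, subscribed or polled, and `schema_file` and `topic` are assigned but unused. A minimal working version reads the schema from the same `./avro/` directory the producer helper uses, takes a fixed group id, and closes the consumer on exit. The deserializer arguments are passed by keyword because, as far as I recall, their positional order has differed between confluent-kafka releases.

```python
# … unchanged: imports and module-level settings …
group_id = 'sr-linking-demo-consumer'  # placeholder; pick the group this demo should use


def consume_record():
    with open('./avro/' + schema_file) as fh:
        schema_str = fh.read()

    schema_registry_client = SchemaRegistryClient({'url': schema_registry})
    avro_deserializer = AvroDeserializer(schema_registry_client=schema_registry_client,
                                         schema_str=schema_str)
    consumer = DeserializingConsumer({'bootstrap.servers': bootstrap_servers,
                                      'key.deserializer': StringDeserializer('utf_8'),
                                      'value.deserializer': avro_deserializer,
                                      'group.id': group_id,
                                      'auto.offset.reset': "earliest"})
    consumer.subscribe([topic])
    try:
        while True:
            msg = consumer.poll(1.0)
            if msg is None:
                continue
            print(f"{msg.key()}: {msg.value()}")
    finally:
        consumer.close()
```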
@@ -0,0 +1,51 @@
+from confluent_kafka import avro
+import json
+import uuid
+import time
+import os
+import randomname
+import confluent_kafka
+
+from confluent_kafka.avro import AvroProducer
+from utils.load_avro_schema_from_file import load_avro_schema_from_file
+
+
+schema_file = 'sr-linking-schema-demo.avsc'
+schema_registry = 'http://schemaregistry-bootstrap-destination-lb:80'
+bootstrap_servers = 'kafka-bootstrap-source-lb:9092'
+topic = 'sr-linking-topic-demo-sources'
+loop_count = 800
+
+
+def send_record():
+ key_schema, value_schema = load_avro_schema_from_file(schema_file)
+ producer_config = {
+ "bootstrap.servers": bootstrap_servers,
+ "schema.registry.url": schema_registry
+ }
+
+ producer = AvroProducer(producer_config, default_key_schema=key_schema, default_value_schema=value_schema)
+
+ record = dict()
+ n = 1
+ while n < loop_count:
+ print(n)
+ record['email'] = randomname.get_name()
+ record['firstName'] = randomname.get_name()
+ record['lastName'] = randomname.get_name()
+ json_value = json.dumps(record)
+ key = str(uuid.uuid4())
+
+ try:
+ producer.produce(topic=topic, key=key, value=record)
+ except Exception as e:
+ print(f"Exception while producing record value - {json_value} to topic - {topic}: {e}")
+ else:
+ print(f"Successfully producing record value - {json_value} to topic - {topic}")
+ producer.flush()
+ time.sleep(1)
+
+
+if __name__ == "__main__":
+ send_record()
+
diff --git a/incubator/schema-registry-linking/testing/utils/__pycache__/load_avro_schema_from_file.cpython-39.pyc b/incubator/schema-registry-linking/testing/utils/__pycache__/load_avro_schema_from_file.cpython-39.pyc
new file mode 100644
index 0000000..6396949
Binary files /dev/null and b/incubator/schema-registry-linking/testing/utils/__pycache__/load_avro_schema_from_file.cpython-39.pyc differ
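Review bot: In `send_record()`, `n` is set to 1 and never incremented, so `while n < loop_count` never terminates and `loop_count = 800` has no effect; add `n += 1` at the end of the loop body. `producer.produce()` only enqueues the message, so the `else` branch prints "Successfully producing" before delivery is known; a delivery callback, or moving the message after `producer.flush()`, would make the log truthful. `os`, `confluent_kafka` and the first `from confluent_kafka import avro` are not used in the visible code. Both endpoints are plaintext (`http://` and port 9092 with no security settings), which is worth a one-line comment marking the script as sandbox-only.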
diff --git a/incubator/schema-registry-linking/testing/utils/__pycache__/parse_command_line_args.cpython-39.pyc b/incubator/schema-registry-linking/testing/utils/__pycache__/parse_command_line_args.cpython-39.pyc
new file mode 100644
index 0000000..d724981
Binary files /dev/null and b/incubator/schema-registry-linking/testing/utils/__pycache__/parse_command_line_args.cpython-39.pyc differ
diff --git a/incubator/schema-registry-linking/testing/utils/load_avro_schema_from_file.py b/incubator/schema-registry-linking/testing/utils/load_avro_schema_from_file.py
new file mode 100644
index 0000000..96c8a4a
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/utils/load_avro_schema_from_file.py
@@ -0,0 +1,12 @@
+from confluent_kafka import avro
+
+
+def load_avro_schema_from_file(schema_file):
+ key_schema_string = """
+ {"type": "string"}
+ """
+
+ key_schema = avro.loads(key_schema_string)
+ value_schema = avro.load("./avro/" + schema_file)
+
+ return key_schema, value_schema
\ No newline at end of file
diff --git a/incubator/schema-registry-linking/testing/utils/parse_command_line_args.py b/incubator/schema-registry-linking/testing/utils/parse_command_line_args.py
new file mode 100644
index 0000000..241f9c5
--- /dev/null
+++ b/incubator/schema-registry-linking/testing/utils/parse_command_line_args.py
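Review bot: The two `__pycache__/*.cpython-39.pyc` files added here and in the preceding file section are compiled bytecode, which cannot be reviewed in a diff and can drift from the `.py` sources they were built from. They should be dropped from the commit and `__pycache__/` and `*.pyc` added to `.gitignore`, so that only the reviewed source ships in the repository and in the image built by `COPY . .`.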
@@ -0,0 +1,14 @@
+from argparse import ArgumentParser
+
+
+def parse_command_line_args():
+ arg_parser = ArgumentParser()
+
+ arg_parser.add_argument("--topic", required=True, help="Topic name")
+ arg_parser.add_argument("--bootstrap-servers", required=False, default="localhost:9092", help="Bootstrap server address")
+ arg_parser.add_argument("--schema-registry", required=False, default="http://localhost:8081", help="Schema Registry url")
+ arg_parser.add_argument("--schema-file", required=True, help="File name of Avro schema to use")
+ arg_parser.add_argument("--record-key", required=False, type=str, help="Record key. If not provided, will be a random UUID")
+ arg_parser.add_argument("--record-value", required=True, help="Record value")
+
+ return arg_parser.parse_args()
\ No newline at end of file
diff --git a/incubator/tiered-storage/README.md b/incubator/tiered-storage/README.md
new file mode 100644
index 0000000..ed0db11
--- /dev/null
+++ b/incubator/tiered-storage/README.md
@@ -0,0 +1,54 @@
+# Tiered Storage
+
+| Feature | Enabled | Note |
+|:-----------------|:-------:|:-------------------------|
+| Kafka/Zookeeper | ✅ | |
+| Control Center | ✅ | |
+| Connect | ❌ | |
+| Schema Registry | ❌ | |
+| KSQL | ❌ | |
+| TLS Encryption | ✅ | Self-signed certificates |
+| Authentication | ✅ | |
+| Authorization | ✅ | via LDAP |
+
+
+
+
+##
+
+Once all the the pods are in a 'Running' status, we can start to investigate the rest of the stack.
+
+## Prometheus
+Prometheus has a UI you can view by forwarding port 9090 with the following command, and then accessing `http://127.0.0.1:9090` from a local browser.
+```shell
+kubectl port-forward \
+$(kubectl get pods -n sandbox -l app=prometheus -l component=server -o name) \
+9090 --namespace sandbox
+```
+
+If you navigate to `http://localhost:9090/targets` you should hopefully see a screen such as this which indicates that Prometheus is successfully scraping from the Confluent Services
+![](docs/prometheus_targets.png)0
+
+The configuration file for Prometheus can be found at `./examples/monitoring/prometheus/server/cm.yaml`
+
+## Grafana
+Grafana's Web UI runs on port 3000. Similar to Prometheus, forward that port to your local machines with the following command:
+```shell
+kubectl port-forward \
+$(kubectl get pods -n sandbox kubectl get pods -n sandbox -l app.kubernetes.io/component=grafana -o name) \
+3000 --namespace sandbox
+```
+
+Navigate to http://localhost:3000
+
+You will need to login with the username 'admin' and the password 'password'. At the home screen you will see a dashboard called 'Confluent Platform'. Click on this
+![](docs/grafana-dashboard.png)
+
+This dashboard will display various metrics/alerts for the various Confluent services. This dashboard has been captured in code, and can be edited at `./examples/grafana/dashboards.yaml`
+![](docs/grafana-dashboard2.png)
+
+
+
+
+
+
diff --git a/incubator/tiered-storage/aws.config b/incubator/tiered-storage/aws.config
new file mode 100644
index 0000000..3137820
--- /dev/null
+++ b/incubator/tiered-storage/aws.config
@@ -0,0 +1,3 @@
+[default]
+region=us-west-2
+output=json
\ No newline at end of file
diff --git a/incubator/tiered-storage/bucketpolicy.json b/incubator/tiered-storage/bucketpolicy.json
new file mode 100644
index 0000000..334f7ba
--- /dev/null
+++ b/incubator/tiered-storage/bucketpolicy.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:DeleteObject",
+ "s3:PutObject",
+ "s3:GetBucketLocation"
+ ],
+ "Resource": [
+ "arn:aws:s3:::oso-confluent-tiered-storage-example",
+ "arn:aws:s3:::oso-confluent-tiered-storage-example/*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/incubator/tiered-storage/docs/grafana-dashboard.png b/incubator/tiered-storage/docs/grafana-dashboard.png
new file mode 100755
index 0000000..f295258
Binary files /dev/null and b/incubator/tiered-storage/docs/grafana-dashboard.png differ
diff --git a/incubator/tiered-storage/docs/grafana-dashboard2.png b/incubator/tiered-storage/docs/grafana-dashboard2.png
new file mode 100755
index 0000000..69d3934
Binary files /dev/null and b/incubator/tiered-storage/docs/grafana-dashboard2.png differ
diff --git a/incubator/tiered-storage/docs/prometheus_targets.png b/incubator/tiered-storage/docs/prometheus_targets.png
new file mode 100755
index 0000000..29d78da
Binary files /dev/null and b/incubator/tiered-storage/docs/prometheus_targets.png differ
diff --git a/incubator/tiered-storage/generate_propery.sh b/incubator/tiered-storage/generate_propery.sh
new file mode 100755
index 0000000..2eb1d81
--- /dev/null
+++ b/incubator/tiered-storage/generate_propery.sh
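Review bot: The statement in bucketpolicy.json has no `Principal` element, so despite the file name it can only be attached as an IAM identity policy; S3 rejects a bucket policy that lacks a principal. Either rename the file to reflect that it is the policy for the broker's IAM user or role, or add the intended principal so the document is valid as a bucket policy. The single statement also applies every action to both the bucket ARN and the `/*` object ARN; splitting it into one statement for `s3:GetBucketLocation` on the bucket and one for the three object actions on `/*` keeps each grant scoped to the resource type it applies to. The README added in this commit does not say how this file is meant to be applied, so a sentence there would help.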
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl create secret generic aws-cred-mount \
+--from-file=credentials=./sensitive-aws.credentials \
+--from-file=config=./aws.config \
+--dry-run=client --output=yaml > ./sensitive-aws-cred-mount.yaml
\ No newline at end of file
diff --git a/incubator/tiered-storage/kafka.yaml b/incubator/tiered-storage/kafka.yaml
new file mode 100644
index 0000000..458619f
--- /dev/null
+++ b/incubator/tiered-storage/kafka.yaml
@@ -0,0 +1,28 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+ name: kafka
+spec:
+ configOverrides:
+ server:
+ - confluent.tier.feature=true
+ - confluent.tier.enable=true
+ - confluent.tier.backend=S3
+ - confluent.tier.s3.bucket=oso-confluent-tiered-storage-example
+ - confluent.tier.s3.region=eu-west-2
+ - confluent.tier.s3.cred.file.path=/mnt/aws-creds/credentials
+ - confluent.tier.fetcher.num.threads = 4
+ - confluent.tier.fetcher.num.threads = 2
+ - confluent.tier.topic.delete.check.interval.ms = 3600000
+ - log.segment.bytes = 104857600 # 104857600 == 100MB
+ - confluent.tier.local.hotset.ms = 60000 # 3600000 == 1 hour
+ mountedVolumes:
+ volumeMounts:
+ - name: aws-cred-mount
+ mountPath: /mnt/aws-creds
+ readOnly: true
+ volumes:
+ - name: aws-cred-mount
+ secret:
+ secretName: aws-cred-mount
+
diff --git a/incubator/tiered-storage/kustomization.yaml b/incubator/tiered-storage/kustomization.yaml
new file mode 100644
index 0000000..52e1285
--- /dev/null
+++ b/incubator/tiered-storage/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+namespace: sandbox
+resources:
+ - namespace.yaml
+ - ../../base/cfk-components/confluent-no-auth-no-tls
+ - ../../resources/producers/4-producers-no-tls
+ - monitoring
+ - aws-cred-mount.yaml
+patchesStrategicMerge:
+ - kafka.yaml
+
+
diff --git a/incubator/tiered-storage/monitoring/grafana/configmap.yaml b/incubator/tiered-storage/monitoring/grafana/configmap.yaml
new file mode 100644
index 0000000..7752041
--- /dev/null
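Review bot: generate_propery.sh writes `./sensitive-aws-cred-mount.yaml`, a Secret manifest holding the AWS keys base64-encoded, and reads `./sensitive-aws.credentials`; confirm that `.gitignore` covers both names, for example with a `sensitive-*` rule, because a pattern for `aws.credentials` alone would not match either file. The output name also differs from the `aws-cred-mount.yaml` entry in this directory's kustomization.yaml, so as written the build would either fail or pick up a different, unprefixed copy of the secret. Aligning the two on the `sensitive-` name keeps the credential file under one ignore rule. Adding `set -euo pipefail` after the shebang would stop the script from leaving a partial manifest behind when `kubectl` fails.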
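Review bot: In kafka.yaml, `confluent.tier.fetcher.num.threads` is set twice (`= 4`, then `= 2`), so one of the two values is silently ignored; keep only the intended line. `confluent.tier.s3.region=eu-west-2` disagrees with `region=us-west-2` in the aws.config that is mounted from the same secret, and one of them is presumably wrong for the bucket. The trailing comment on the hotset line says `3600000 == 1 hour` while the value is 60000; it should read `- confluent.tier.local.hotset.ms = 60000 # 60000 == 1 minute`, or the value should change. The brokers authenticate with a static credentials file from a Secret; if the cluster runs on AWS, a role-based credential would avoid storing long-lived keys, though that may be out of scope for a minikube example.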
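Review bot: The tiered-storage kustomization.yaml builds on `../../base/cfk-components/confluent-no-auth-no-tls` and `4-producers-no-tls`, while the README added in the same commit lists TLS encryption, authentication and LDAP authorization as enabled. Going by the base names, the brokers that hold the mounted AWS credentials run without authentication or TLS, so either the README table or the chosen base needs to change. The file also omits `kind: Kustomization`, which the schema-registry-linking kustomization.yaml in this commit does set; adding it keeps the two consistent.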
+++ b/incubator/tiered-storage/monitoring/grafana/configmap.yaml @@ -0,0 +1,24 @@ +--- +# Source: grafana/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: oso-grafana-envvars + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +data: + GF_SECURITY_ADMIN_USER: "admin" + GF_INSTALL_PLUGINS: "" + GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins" + GF_AUTH_LDAP_ENABLED: "false" + GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml" + GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" + GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning" + GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini" + GF_PATHS_DATA: "/opt/bitnami/grafana/data" + GF_PATHS_LOGS: "/opt/bitnami/grafana/logs" diff --git a/incubator/tiered-storage/monitoring/grafana/dashboard-config.yaml b/incubator/tiered-storage/monitoring/grafana/dashboard-config.yaml new file mode 100644 index 0000000..8cc2884 --- /dev/null +++ b/incubator/tiered-storage/monitoring/grafana/dashboard-config.yaml @@ -0,0 +1,24 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboard-config +data: + config.yaml: | + apiVersion: 1 + providers: + - name: 'oso-provider' + orgId: 1 + folder: 'confluent-examples' + type: file + disableDeletion: true + updateIntervalSeconds: 10 + allowUiUpdates: true + options: + path: /opt/bitnami/grafana/conf/provisioning/dashboard-source + foldersFromFilesStructure: true diff --git a/incubator/tiered-storage/monitoring/grafana/dashboards.yaml b/incubator/tiered-storage/monitoring/grafana/dashboards.yaml new file mode 100644 index 0000000..a8d2c4a --- /dev/null +++ b/incubator/tiered-storage/monitoring/grafana/dashboards.yaml 
@@ -0,0 +1,663 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboards +data: + confluent-platform.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": 
"individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": 
false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + 
"nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + 
}, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 + } \ No newline at end of file diff --git a/incubator/tiered-storage/monitoring/grafana/dashboards/confluent-platform.json b/incubator/tiered-storage/monitoring/grafana/dashboards/confluent-platform.json new file mode 100644 index 0000000..c4cbbe1 --- /dev/null 
+++ b/incubator/tiered-storage/monitoring/grafana/dashboards/confluent-platform.json 
@@ -0,0 +1,651 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, 
+ "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": 
"label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 +} \ No newline at end of file diff --git a/incubator/tiered-storage/monitoring/grafana/dashboards/kafak-lag-exporter.json b/incubator/tiered-storage/monitoring/grafana/dashboards/kafak-lag-exporter.json new file mode 100644 index 0000000..f81904d --- /dev/null +++ b/incubator/tiered-storage/monitoring/grafana/dashboards/kafak-lag-exporter.json 
@@ -0,0 +1,1038 @@ +{ + "__inputs": [ + { + "name": "prometheus", + "label": "Instance", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.3.4" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "5.0.0" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "iteration": 1556312150750, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 28, + "panels": [], + "repeat": null, + "title": "All Consumer Group Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max extrapolated lag in seconds for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 102, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], 
+ "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Extrapolated lag in seconds for each partition.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 103, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, 
+ "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max offset lag for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 98, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Consumer Group Lag Partition Offsets", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, 
+ "x": 12, + "y": 11 + }, + "id": 82, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offsets_2", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 149, + "panels": [], + "title": "Consumer Group Lag In Time Per Group Over Offset Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + "fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 22 + }, + "id": 147, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", 
+ "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Consumer group lag in offsets", + "color": "#cca300", + "linewidth": 2, + "yaxis": 2 + }, + { + "alias": "Consumer group lag in time", + "color": "rgb(255, 0, 0)", + "linewidth": 2, + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in offsets", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "lag in offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 106, + "panels": [], + "title": "Consumer Group Lag in Time Per Group Over Summed Offsets", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + 
"fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 31 + }, + "id": 107, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Sum of group offsets", + "yaxis": 2 + }, + { + "alias": "Sum of latest offsets", + "yaxis": 2 + }, + { + "alias": "/Consumer group.*/", + "color": "rgb(255, 0, 0)", + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}) by (group)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "sum(kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Sum of group offsets", + "refId": "B" + }, + { + "expr": "sum((kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"} * 0)\n+ on(namespace,cluster_name,topic,partition) group_left() kafka_partition_latest_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Sum of latest offsets", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + 
"name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offset", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 101, + "panels": [], + "title": "Kafka Lag Exporter JVM Metrics", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 40 + }, + "id": 99, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_memory_bytes_used{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM Memory Used", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + 
"aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 40 + }, + "id": 95, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_sum{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 40 + }, + "id": 97, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_count{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5m", + "schemaVersion": 16, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag)", + "refresh": 1, + "regex": "/.*namespace=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Cluster Name", + "multi": false, + "name": "cluster_name", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\"})", + "refresh": 1, + "regex": "/.*cluster_name=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": {}, + "datasource": "prometheus", + "hide": 0, + 
"includeAll": true, + "label": "Consumer Group", + "multi": true, + "name": "consumer_group", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "refresh": 1, + "regex": "/.*group=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kafka Lag Exporter", + "uid": "8LW1Yd8ik", + "version": 14 +} \ No newline at end of file diff --git a/incubator/tiered-storage/monitoring/grafana/datasources.yaml b/incubator/tiered-storage/monitoring/grafana/datasources.yaml new file mode 100644 index 0000000..b5b843d --- /dev/null +++ b/incubator/tiered-storage/monitoring/grafana/datasources.yaml @@ -0,0 +1,22 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-datasources +data: + prometheus.yml: | + apiVersion: 1 + datasources: + - access: 'proxy' + editable: true + is_default: true + name: 'prometheus' + org_id: 1 + type: 'prometheus' + url: 'http://oso-prometheus-server:80' + version: 1 \ No newline at end of file diff --git a/incubator/tiered-storage/monitoring/grafana/deployment.yaml b/incubator/tiered-storage/monitoring/grafana/deployment.yaml new file mode 100644 index 0000000..d4dc9db --- /dev/null +++ b/incubator/tiered-storage/monitoring/grafana/deployment.yaml 
@@ -0,0 +1,118 @@
+---
+# Source: grafana/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+ annotations:
+ checksum/secret: 071b561f1f90acdf28cf77c354e8db5aa60fe52dc656c5f175e72a7aed28abe5
+ checksum/config: ca8b427900a3dcdd9888348a7e0abc43422f5e557b57164c9464a5b5c0e0e957
+ checksum/dashboard-provider: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+ spec:
+ serviceAccountName: oso-grafana
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
+ namespaces:
+ - "default"
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+
+ securityContext:
+ runAsUser: 1001
+ fsGroup: 1001
+ runAsNonRoot: true
+ containers:
+ - name: grafana
+ image: docker.io/bitnami/grafana:8.1.2-debian-10-r6
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: oso-grafana-envvars
+ env:
+ - name: GF_INSTALL_PLUGINS
+ value: "grafana-piechart-panel"
+ - name: GF_SECURITY_ADMIN_USER
+ value: "admin"
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ value: "password"
+ - name: GF_USERS_ALLOW_SIGN_UP
+ value: "false"
+ volumeMounts:
+ - name: data
+ mountPath: /opt/bitnami/grafana/data
+ - name: data-sources
+ mountPath: /opt/bitnami/grafana/conf/provisioning/datasources
+ - name: dashboard-config
+ mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards
+ - name: dashboards
+ mountPath: /opt/bitnami/grafana/conf/provisioning/dashboard-source
+ ports:
+ - name: dashboard
+ containerPort: 3000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: dashboard
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: dashboard
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ limits: {}
+ requests: {}
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: oso-grafana
+ - name: data-sources
+ configMap:
+ name: oso-grafana-server-datasources
+ - name: dashboards
+ configMap:
+ name: oso-grafana-server-dashboards
+ - name: dashboard-config
+ configMap:
+ name: oso-grafana-server-dashboard-config
diff --git a/incubator/tiered-storage/monitoring/grafana/kustomization.yaml b/incubator/tiered-storage/monitoring/grafana/kustomization.yaml
new file mode 100644
index 0000000..bfde9c9
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/grafana/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: sandbox
+resources:
+- configmap.yaml
+- datasources.yaml
+#- dashboards.yaml
+- dashboard-config.yaml
+- deployment.yaml
+- pvc.yaml
+- secret.yaml
+- service.yaml
+- serviceaccount.yaml
+
+configMapGenerator:
+ - name: oso-grafana-server-dashboards
+ files:
+ - dashboards/confluent-platform.json
+ - dashboards/kafak-lag-exporter.json
+
+generatorOptions:
+ disableNameSuffixHash: true
+ labels:
+ component: "server"
+ app: grafna
+ release: oso
\ No newline at end of file
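Review bot: In grafana/deployment.yaml the Grafana admin credential is a literal in the pod spec, `GF_SECURITY_ADMIN_PASSWORD` with `value: "password"` beside `GF_SECURITY_ADMIN_USER` set to `"admin"`, so anyone who can read the Deployment object or this repository holds Grafana admin. The same commit adds a Secret named `oso-grafana-admin` carrying that key, but nothing in this pod spec references it; the env entry should read from it, for example `valueFrom: {secretKeyRef: {name: oso-grafana-admin, key: GF_SECURITY_ADMIN_PASSWORD}}`. As far as the flattened hunk shows, the `securityContext` block sits at pod level only and `resources` is empty, so a container-level `allowPrivilegeEscalation: false` and basic requests/limits would be worth adding in the same change.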
diff --git a/incubator/tiered-storage/monitoring/grafana/pvc.yaml b/incubator/tiered-storage/monitoring/grafana/pvc.yaml
new file mode 100644
index 0000000..9a0f348
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/grafana/pvc.yaml
@@ -0,0 +1,19 @@
+---
+# Source: grafana/templates/pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "10Gi"
diff --git a/incubator/tiered-storage/monitoring/grafana/secret.yaml b/incubator/tiered-storage/monitoring/grafana/secret.yaml
new file mode 100644
index 0000000..7734e43
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/grafana/secret.yaml
@@ -0,0 +1,16 @@
+---
+# Source: grafana/templates/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oso-grafana-admin
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+type: Opaque
+data:
+ GF_SECURITY_ADMIN_PASSWORD: "T2gwaGk1a3NNcA=="
diff --git a/incubator/tiered-storage/monitoring/grafana/service.yaml b/incubator/tiered-storage/monitoring/grafana/service.yaml
new file mode 100644
index 0000000..b7e327e
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/grafana/service.yaml
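Review bot: grafana/secret.yaml commits the Grafana admin password to version control: the value under `data.GF_SECURITY_ADMIN_PASSWORD` is only base64-encoded, which is an encoding and not encryption, so every reader of the repository and its history can recover it. The manifest should not carry a real value; create the Secret at deploy time instead, for example with a kustomize `secretGenerator` that reads an untracked env file, or from an external secret store. The committed value should be treated as exposed and rotated wherever it has been used.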
@@ -0,0 +1,25 @@
+---
+# Source: grafana/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: dashboard
+ protocol: TCP
+ name: http
+ nodePort: null
+ selector:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
diff --git a/incubator/tiered-storage/monitoring/grafana/serviceaccount.yaml b/incubator/tiered-storage/monitoring/grafana/serviceaccount.yaml
new file mode 100644
index 0000000..31d011f
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/grafana/serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+# Source: grafana/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+secrets:
+ - name: oso-grafana-admin
diff --git a/incubator/tiered-storage/monitoring/kustomization.yaml b/incubator/tiered-storage/monitoring/kustomization.yaml
new file mode 100644
index 0000000..6623a8b
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+namespace: sandbox
+resources:
+ - grafana
+ - prometheus
+
+
diff --git a/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/deploy.yaml b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/deploy.yaml
new file mode 100644
index 0000000..30ab8b3
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/deploy.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka-exporter
+spec:
+ selector:
+ matchLabels:
+ app: kafka-exporter
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: "server"
+ app: kafka-exporter
+ spec:
+ enableServiceLinks: true
+ serviceAccountName: oso-prometheus-server
+ containers:
+ - name: kafka-exporter
+ image: "danielqsj/kafka-exporter:latest"
+ imagePullPolicy: Always
+ args:
+ - --kafka.server=kafka:9071
+ ports:
+ - name: "kexporter"
+ containerPort: 9308
+ protocol: TCP
\ No newline at end of file
diff --git a/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/kustomization.yaml b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/kustomization.yaml
new file mode 100644
index 0000000..61e1497
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: sandbox
+resources:
+- deploy.yaml
+- service.yaml
diff --git a/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/service.yaml b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/service.yaml
new file mode 100644
index 0000000..52a9184
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/kafka-exporter/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-exporter
+ labels:
+ service: kafka-exporter-service
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9308
+ name: "kexporter"
+ targetPort: 9308
+ protocol: TCP
+ selector:
+ app: kafka-exporter
diff --git a/incubator/tiered-storage/monitoring/prometheus/kustomization.yaml b/incubator/tiered-storage/monitoring/prometheus/kustomization.yaml
new file mode 100644
index 0000000..6b49192
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/kustomization.yaml
@@ -0,0 +1,7 @@
+namespace: sandbox
+resources:
+- server
+- kafka-exporter
+#- node-exporter
+#- alertmanager
+#- kafka-lag-exporter
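Review bot: In kafka-exporter/deploy.yaml the container image is `danielqsj/kafka-exporter:latest` with `imagePullPolicy: Always`, so every pod restart can pull different, unreviewed content from a third-party registry account; pin a released tag or, better, a digest such as `image: "danielqsj/kafka-exporter@sha256:<digest-placeholder>"`. The pod also runs as `serviceAccountName: oso-prometheus-server`, the account this commit binds to a cluster-wide read ClusterRole, although the exporter only needs to reach `kafka:9071`; a dedicated ServiceAccount with `automountServiceAccountToken: false` would keep that token out of the pod. No `securityContext` is set here, unlike the Prometheus server pod in the same commit, which sets `runAsNonRoot: true`.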
diff --git a/incubator/tiered-storage/monitoring/prometheus/server/clusterrole.yaml b/incubator/tiered-storage/monitoring/prometheus/server/clusterrole.yaml
new file mode 100644
index 0000000..0f05d85
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/server/clusterrole.yaml
@@ -0,0 +1,42 @@
+---
+# Source: prometheus/templates/server/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ - ingresses
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ - "networking.k8s.io"
+ resources:
+ - ingresses/status
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/stable/grafana-prometheus/prometheus/alertmanager/clusterrolebinding.yaml b/incubator/tiered-storage/monitoring/prometheus/server/clusterrolebinding.yaml
similarity index 59%
rename from stable/grafana-prometheus/prometheus/alertmanager/clusterrolebinding.yaml
rename to incubator/tiered-storage/monitoring/prometheus/server/clusterrolebinding.yaml
index f71aa80..70aa7ec 100644
--- a/stable/grafana-prometheus/prometheus/alertmanager/clusterrolebinding.yaml
+++ b/incubator/tiered-storage/monitoring/prometheus/server/clusterrolebinding.yaml
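Review bot: The ClusterRole in server/clusterrole.yaml grants `get`/`list`/`watch` on `nodes/proxy` and `configmaps` across the whole cluster, which is more than this Prometheus uses: the scrape configuration added in server/cm.yaml contains only `static_configs` jobs, so no Kubernetes service discovery is involved. `nodes/proxy` lets the holder reach kubelet endpoints through the API server, and cluster-wide `configmaps` read exposes configuration belonging to every other namespace. The same account is reused by the kafka-exporter pod through `serviceAccountName: oso-prometheus-server`, which widens who holds the token. I would drop the ClusterRole and its binding from this example, or cut the first rule down to the resources a future `kubernetes_sd_configs` job actually needs.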
@@ -1,20 +1,20 @@ --- -# Source: prometheus/templates/alertmanager/clusterrolebinding.yaml +# Source: prometheus/templates/server/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - component: "alertmanager" + component: "server" app: prometheus release: oso chart: prometheus-14.6.0 heritage: Helm - name: oso-prometheus-alertmanager + name: oso-prometheus-server subjects: - kind: ServiceAccount - name: oso-prometheus-alertmanager + name: oso-prometheus-server namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: oso-prometheus-alertmanager + name: oso-prometheus-server diff --git a/incubator/tiered-storage/monitoring/prometheus/server/cm.yaml b/incubator/tiered-storage/monitoring/prometheus/server/cm.yaml new file mode 100644 index 0000000..47fff76 --- /dev/null +++ b/incubator/tiered-storage/monitoring/prometheus/server/cm.yaml 
@@ -0,0 +1,66 @@
+---
+# Source: prometheus/templates/server/cm.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+data:
+ alerting_rules.yml: |
+ {}
+ alerts: |
+ {}
+ prometheus.yml: |
+ global:
+ evaluation_interval: 1m
+ scrape_interval: 1m
+ scrape_timeout: 10s
+ rule_files:
+ - /etc/config/recording_rules.yml
+ - /etc/config/alerting_rules.yml
+ - /etc/config/rules
+ - /etc/config/alerts
+ scrape_configs:
+ - job_name: "prometheus"
+ static_configs:
+ - targets: ["localhost:9090"]
+ - job_name: "zookeeper"
+ static_configs:
+ - targets: [
+ "zookeeper:7778"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ - job_name: "kafka-broker"
+ static_configs:
+ - targets: [
+ "kafka:7778"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ - job_name: "kafka-exporter"
+ static_configs:
+ - targets: [
+ "kafka-exporter:9308"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ recording_rules.yml: |
+ {}
+ rules: |
+ {}
diff --git a/incubator/tiered-storage/monitoring/prometheus/server/deploy.yaml b/incubator/tiered-storage/monitoring/prometheus/server/deploy.yaml
new file mode 100644
index 0000000..a93fb42
--- /dev/null
+++ b/incubator/tiered-storage/monitoring/prometheus/server/deploy.yaml
@@ -0,0 +1,98 @@ +--- +# Source: prometheus/templates/server/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + selector: + matchLabels: + component: "server" + app: prometheus + release: oso + replicas: 1 + template: + metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + enableServiceLinks: true + serviceAccountName: oso-prometheus-server + containers: + - name: prometheus-server-configmap-reload + image: "jimmidyson/configmap-reload:v0.5.0" + imagePullPolicy: "IfNotPresent" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090/-/reload + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + - name: prometheus-server + image: "quay.io/prometheus/prometheus:v2.26.0" + imagePullPolicy: "IfNotPresent" + args: + - --storage.tsdb.retention.time=15d + - --config.file=/etc/config/prometheus.yml + - --storage.tsdb.path=/data + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + - --web.enable-lifecycle + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 3 + successThreshold: 1 + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 + failureThreshold: 3 + successThreshold: 1 + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: /data + subPath: "" + hostNetwork: false + dnsPolicy: ClusterFirst + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 300 + 
volumes: + - name: config-volume + configMap: + name: oso-prometheus-server + - name: storage-volume + persistentVolumeClaim: + claimName: oso-prometheus-server diff --git a/incubator/tiered-storage/monitoring/prometheus/server/kustomization.yaml b/incubator/tiered-storage/monitoring/prometheus/server/kustomization.yaml new file mode 100644 index 0000000..2061178 --- /dev/null +++ b/incubator/tiered-storage/monitoring/prometheus/server/kustomization.yaml @@ -0,0 +1,9 @@ +namespace: sandbox +resources: +- clusterrole.yaml +- clusterrolebinding.yaml +- cm.yaml +- deploy.yaml +- pvc.yaml +- service.yaml +- serviceaccount.yaml diff --git a/stable/grafana-prometheus/prometheus/alertmanager/pvc.yaml b/incubator/tiered-storage/monitoring/prometheus/server/pvc.yaml similarity index 63% rename from stable/grafana-prometheus/prometheus/alertmanager/pvc.yaml rename to incubator/tiered-storage/monitoring/prometheus/server/pvc.yaml index 2d96e4d..e067b55 100644 --- a/stable/grafana-prometheus/prometheus/alertmanager/pvc.yaml +++ b/incubator/tiered-storage/monitoring/prometheus/server/pvc.yaml @@ -1,19 +1,19 @@ --- -# Source: prometheus/templates/alertmanager/pvc.yaml +# Source: prometheus/templates/server/pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: - component: "alertmanager" + component: "server" app: prometheus release: oso chart: prometheus-14.6.0 heritage: Helm - name: oso-prometheus-alertmanager + name: oso-prometheus-server namespace: default spec: accessModes: - ReadWriteOnce resources: requests: - storage: "2Gi" + storage: "8Gi" diff --git a/stable/grafana-prometheus/prometheus/alertmanager/service.yaml b/incubator/tiered-storage/monitoring/prometheus/server/service.yaml similarity index 64% rename from stable/grafana-prometheus/prometheus/alertmanager/service.yaml rename to incubator/tiered-storage/monitoring/prometheus/server/service.yaml index 3a4db20..7fe17b5 100644 --- a/stable/grafana-prometheus/prometheus/alertmanager/service.yaml 
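Review bot: In deploy.yaml, `--web.enable-lifecycle` on the `prometheus-server` container turns on the unauthenticated `/-/reload` and `/-/quit` endpoints on port 9090, and service.yaml in this commit publishes that port as Service port 80, so any workload that can reach the Service can reload or stop Prometheus. The configmap-reload sidecar calls the reload endpoint on 127.0.0.1, so the flag probably has to stay; a NetworkPolicy that limits ingress to the pods that query Prometheus would contain it. Neither container sets a container-level `securityContext`; consider `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on both. Both images are pinned by tag only, and `resources: {}` leaves requests and limits unset.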
+++ b/incubator/tiered-storage/monitoring/prometheus/server/service.yaml @@ -1,24 +1,24 @@ --- -# Source: prometheus/templates/alertmanager/service.yaml +# Source: prometheus/templates/server/service.yaml apiVersion: v1 kind: Service metadata: labels: - component: "alertmanager" + component: "server" app: prometheus release: oso chart: prometheus-14.6.0 heritage: Helm - name: oso-prometheus-alertmanager + name: oso-prometheus-server namespace: default spec: ports: - name: http port: 80 protocol: TCP - targetPort: 9093 + targetPort: 9090 selector: - component: "alertmanager" + component: "server" app: prometheus release: oso sessionAffinity: None diff --git a/stable/grafana-prometheus/prometheus/alertmanager/serviceaccount.yaml b/incubator/tiered-storage/monitoring/prometheus/server/serviceaccount.yaml similarity index 59% rename from stable/grafana-prometheus/prometheus/alertmanager/serviceaccount.yaml rename to incubator/tiered-storage/monitoring/prometheus/server/serviceaccount.yaml index f57d4e5..60e510e 100644 --- a/stable/grafana-prometheus/prometheus/alertmanager/serviceaccount.yaml +++ b/incubator/tiered-storage/monitoring/prometheus/server/serviceaccount.yaml @@ -1,15 +1,15 @@ --- -# Source: prometheus/templates/alertmanager/serviceaccount.yaml +# Source: prometheus/templates/server/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: - component: "alertmanager" + component: "server" app: prometheus release: oso chart: prometheus-14.6.0 heritage: Helm - name: oso-prometheus-alertmanager + name: oso-prometheus-server namespace: default annotations: {} diff --git a/incubator/replicator/source/namespace.yaml b/incubator/tiered-storage/namespace.yaml similarity index 100% rename from incubator/replicator/source/namespace.yaml rename to incubator/tiered-storage/namespace.yaml diff --git a/incubator/userprovided-mtls/README.md b/incubator/userprovided-mtls/README.md deleted file mode 100644 index 2e50b65..0000000 
--- a/incubator/userprovided-mtls/README.md +++ /dev/null @@ -1,20 +0,0 @@ -# User Provider mTLS - -In this scenario example, you'll deploy the Confluent platform each with its own certificate to validate the architecture and deployment. The certificates that are generated in this example use the `sandbox` namespace. **NOTE** You will need to change this for your environment which is why the generate_certificates.sh script is used. - -1. Create one server certificate per Confluent component service. You'll use the same certificate authority for all. Update `zookeeper-server-domain.json` and `kafka-server-domain.json` with your namespace and generate certificates for each component. - -```shell - cd examples/userprovided-mtls - ./generate_certificates.sh -``` - -2. Deploy the CRDS using the standard way: -```shell -kubectl apply -k ../../kustomize/crds -``` - -3. Deploy the mTLS example which use Kustomize to pull in the base and example overlays using the following -```shell -kubectl apply -k . -``` diff --git a/incubator/userprovided-mtls/confluent/control-center.yaml b/incubator/userprovided-mtls/confluent/control-center.yaml deleted file mode 100644 index bb93fdd..0000000 --- a/incubator/userprovided-mtls/confluent/control-center.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - dependencies: - kafka: - authentication: - type: mtls - diff --git a/incubator/userprovided-mtls/confluent/kafka.yaml b/incubator/userprovided-mtls/confluent/kafka.yaml deleted file mode 100644 index 444e310..0000000 --- a/incubator/userprovided-mtls/confluent/kafka.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - listeners: - internal: - authentication: - type: mtls - principalMappingRules: - - RULE:.*CN[\s]?=[\s]?([a-zA-Z0-9.]*)?.*/$1/ - dependencies: - zookeeper: - authentication: - type: mtls - jaasConfig: null - - diff --git a/incubator/userprovided-mtls/confluent/rest-class.yaml b/incubator/userprovided-mtls/confluent/rest-class.yaml deleted file mode 100644 index 4839abf..0000000 --- a/incubator/userprovided-mtls/confluent/rest-class.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - authentication: - type: mtls - tls: - directoryPathInContainer: /mnt/sslcerts/ - secretRef: tls-kafka - diff --git a/incubator/userprovided-mtls/confluent/zookeeper.yaml b/incubator/userprovided-mtls/confluent/zookeeper.yaml deleted file mode 100644 index 08c051d..0000000 --- a/incubator/userprovided-mtls/confluent/zookeeper.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - authentication: - type: mtls - principalMappingRules: - - RULE:.*CN[\s]?=[\s]?([a-zA-Z0-9.]*)?.*/$1/ \ No newline at end of file diff --git a/incubator/userprovided-mtls/here.yaml b/incubator/userprovided-mtls/here.yaml deleted file mode 100644 index adc454d..0000000 --- a/incubator/userprovided-mtls/here.yaml +++ /dev/null 
@@ -1,686 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: sandbox ---- -apiVersion: v1 -imagePullSecrets: -- name: confluent-registry -kind: ServiceAccount -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - name: confluent-for-kubernetes - namespace: sandbox ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - name: confluent-operator -rules: -- apiGroups: - - cluster.confluent.com - resources: - - zookeeperclusters - - zookeeperclusters/status - - zookeeperclusters/scale - - zookeeperclusters/finalizers - - kafkaclusters - - kafkaclusters/status - - kafkaclusters/scale - - kafkaclusters/finalizers - verbs: - - '*' -- apiGroups: - - operator.confluent.cloud - resources: - - physicalstatefulclusters - - physicalstatefulclusters/scale - - physicalstatefulclusters/status - - physicalstatefulclusters/finalizers - verbs: - - '*' -- apiGroups: - - platform.confluent.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apps - resources: - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - - 
events - - persistentvolumeclaims - - secrets - - secrets/finalizers - - pods - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - name: confluent-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox ---- -apiVersion: v1 -data: - 0_groups.ldif: |- - dn: ou=groups,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: groups - 0_users.ldif: |- - dn: ou=users,dc=test,dc=com - objectClass: organizationalUnit - objectClass: top - ou: users - 1_alice.ldif: |- - dn: cn=alice,ou=users,dc=test,dc=com - userPassword: alice-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Alice is great at changing perspectives, but sometimes chases down rabbit holes - cn: alice - 1_c3-test.ldif: |- - dn: cn=testadmin,ou=users,dc=test,dc=com - userPassword: testadmin - description: testadmin user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: testadmin - 1_c3.ldif: |- - dn: cn=c3,ou=users,dc=test,dc=com - userPassword: c3-secret - description: control center user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: c3 - 1_connect.ldif: |- - dn: cn=connect,ou=users,dc=test,dc=com - userPassword: connect-secret - 
description: connect user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: connect - 1_developers.ldif: |- - dn: cn=developers,ou=groups,dc=test,dc=com - objectClass: top - objectClass: groupOfNames - description: A group of software developers and the apps they are responsible for - cn: developers - member: cn=alice,ou=users,dc=test,dc=com - 1_emmy.ldif: |- - dn: cn=emmy,ou=users,dc=test,dc=com - userPassword: emmy-secret - objectClass: simpleSecurityObject - objectClass: organizationalRole - description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. - cn: emmy - 1_erp.ldif: |- - dn: cn=erp,ou=users,dc=test,dc=com - userPassword: erp-secret - description: erp user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: erp - 1_kafka.ldif: |- - dn: cn=kafka,ou=users,dc=test,dc=com - userPassword: kafka-secret - description: kafka user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: kafka - 1_ksql.ldif: |- - dn: cn=ksql,ou=users,dc=test,dc=com - userPassword: ksql-secret - description: ksql user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: ksql - 1_replicator.ldif: |- - dn: cn=replicator,ou=users,dc=test,dc=com - userPassword: replicator-secret - description: replicator user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: replicator - 1_sr.ldif: |- - dn: cn=sr,ou=users,dc=test,dc=com - userPassword: sr-secret - description: schema registry user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: sr -kind: ConfigMap -metadata: - name: ldap-ldifs - namespace: sandbox ---- -apiVersion: v1 -data: - tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVSEZEYWdiZ0Y4bTg0NzhoUEJpTktGOGI5MHVzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFMk1USXhPREF3V2hjTk1qWXdPREUxTVRJeE9EQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSzZ6NzJNbithSElYZ1RkODVqdi8rMm4KT0daQU9ITWhOQ2J2V1Y1cWVlTlgwaXZIZVhtRkF4TmFSc2ZKbGhOUllpTVRLRTRoUjZreTdEUWxFbVZLQ1g0cwpnaExYZ28wU3pUV3BhNkltcmFIbnplQWhob1gyaWxFdjRvUVVxMVFDdHhRd0NhVmxLYXhCM1pLNExzVVFuZlRqClBFL3JtQURwd2UxSjlteWxLeDJuNEl1V2NNRjE5dlBFdjc4dTdXU0FDNUQzdXVjTUwwRzByZys3K0srTXRQV1EKSk9UcWp2MHR6RGt4UXg0NmVlL042eFI0czdKbVRHc29SeC9KRDVOVUozNTJYYTFrNHhSUVltRnJ0U0V4UTBPUgpWSVNhYnQ2ZzA5L1NqQ0JrQTRWb0NoazBXL0o0K0k1VGR0clh0ZUpaTVBrWlhKMkxvS3hXM0NCVW0vRG9xUXNDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZOSFRzcEFlcURDVFUwMDB5SGU0ZzlEMURrcXNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUF3VFErOApzTExxbURpV2RSeTZrOThyWWpPR3RXVW10ZWVSNDhNRWxQR3RSZ3BLWFhjcTBaSnd5ZHd3VTVZKzhuL3lyYW5UCmQzUWxEOWR5MDlZNHhYbDFkR2FhbWw0ZXE4cFZWQm04WE9kVkNaWnR3WjNHQ0I1NFdrQ2RHdnFIS3hnclVzb1IKMC9UYU15TVNXbmZMdk9XNHhLOXpQanAxYUc1eDdGeFJybW5OVjRUTHE5UFpOa3krK3Y2Y2dyNTF4OXdPOVNHaQpGTHBJOE9yTkdVeWxuZGhVMGFYSzRnZUFwZXh2cEJDNjdqY1Y4Nmo4emxKNkJaMnRRQXA0ZDFBeGVVQjROdmVsCmg3TFRCS0toemRER2lWUTFWYStoR1pGaE1GeXUxTzUrbVhzaUFwOTc1UEZ2S1pLMWJaeC90WjdMZjRSdXZpUjgKRHBQRUpMT2c1TXpQb2FFLwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: 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 -kind: Secret -metadata: - creationTimestamp: null - name: ca-pair-sslcerts - namespace: sandbox -type: kubernetes.io/tls ---- -apiVersion: v1 -data: - publicKey.pem: 
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 -kind: Secret -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - name: confluent-operator-licensing - namespace: sandbox -type: Opaque ---- -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K - digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== - ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: 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 - plain-jaas.conf: c2FzbC5qYWFzLmNvbmZpZz1vcmcuYXBhY2hlLmthZmthLmNvbW1vbi5zZWN1cml0eS5wbGFpbi5QbGFpbkxvZ2luTW9kdWxlIHJlcXVpcmVkIHVzZXJuYW1lPSJrYWZrYSIgcGFzc3dvcmQ9ImthZmthLXNlY3JldCI7 - plain.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== -kind: Secret -metadata: - creationTimestamp: null - name: credential - namespace: sandbox ---- -apiVersion: v1 -data: - mdsPublicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3TXlqblA0cWZkVEtoQ1M1c1BiVgpxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxM0VMT1Eyc3pXbjU3V3p1NzgyYnlFdFlGbEYzVG9WVzNjbDRkCk9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIvMkw0YnVidVFSR05lL0tyTE1FMGl2cjl1NElFYmJSUytsdHUKNkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONEJaaWpBZUtaY0RUano2YkhqSjZFUTNZTmdxeW44NDZyZVFrOQpUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54NkpHc2lVWjVQMzZXR2MzOFpJQi9tNDVvOGN2NGlmVVZQVUIwCklRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcydnFEV3lxWE9ZN2NTb0k3QWlrRmR3QVRXNFJ2N2V1RUpVeXoKTndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t -kind: Secret -metadata: - creationTimestamp: null - name: mds-public - namespace: sandbox ---- -apiVersion: v1 -data: - 
cacerts.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVQW9pMzRCbmprMVNiRVBnME1rWjQxeWxnd0FNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05Nakl3TVRBMk1UVXpNVEF3V2hjTk1qY3dNVEExTVRVek1UQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS3Y3NVRIdnlUcFJRVGNQRmRGY1k5S2cKZyszeitpSXRjUnhJSnA4ODBuL1hMQ2Z2U3VqdUVoWGFnRHEwZmx3NmpwTS9oTGp0cE5YZXZUSHdndjUzMDcvUgpyZmdsUnpIRk53ZVFqWVdQMmdRbnJybUpEQmJmT0J0enVBTjlHOEUxbHVwclNLZjNHT3pVeE1HcE5iL0w1TThXCjVhNnFPZVdGcVppNTFYanZrc3BjaGZxeHI1V050bkk1ZkhmemMweFJ1MWdiUzczNFo3Y21NQ1k2U1ZSUEdoV1MKa1ppMFl0dTNqdVBTNjdFWmgzNXliYVgyWXhmYWoyaXlVM3NSVnNud1JraExSZXpmV0wvUHdOUWo4QlljNG5zVQpRcW9ZZWxuazQ3dVk1V3c1Y2tYOE92ek1DWTRlcFJnK0ZveHB1SExGcDZFMmRMV3d3MHlpQ3N4SFR2UUp0UkVDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZPek1Wb3dhaVZOVy80cUxoUXZnT1BSZFozWmhNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFIMS81cApqWkUvd0lvcG1SeGhzd2RmSFE5RURSNXdiekVBeU9ubzNuSzdhZkRZZ3RaU3FOS0EvVUVMeXZtV3pWYzdxeWtZCmNzeUduem5nbnJvbjBoTmZCczhQQTdWVkJ3ZjlQREU0TUxRWG9Bdlk2cGpnQi9BVTVuU0YwVnlSNU5sSGxhNmUKRklLb3JnZG1NZnBpVzBMMFFQR0Nab3Bya2E5b0lzcHhSZjhtYzBuU3NyYnV1RENhYUc3emFGd003MjZKeDdiaQpuRW9pRk1Kc0YzVXpjeUtaYXNaakMrZDNDdS8wYVlveXlkTm1iSERyWjlzRld6VGQ1bHk0ZjB4VXNtVlR4MXlCCit6TURoOEtRQWFORlJ2dkdBTnZLc2J4aVloYXhIWnRwTVhZRExEZGtqL21lTUVhWCtOUlIvWjV3cFZVSkdSUE8KUll5ZHhSYlZzL2M1WlIwQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - fullchain.pem: 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 - privkey.pem: 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 -kind: Secret -metadata: - creationTimestamp: null - name: tls-kafka - namespace: sandbox ---- 
-apiVersion: v1 -data: - cacerts.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVQW9pMzRCbmprMVNiRVBnME1rWjQxeWxnd0FNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05Nakl3TVRBMk1UVXpNVEF3V2hjTk1qY3dNVEExTVRVek1UQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS3Y3NVRIdnlUcFJRVGNQRmRGY1k5S2cKZyszeitpSXRjUnhJSnA4ODBuL1hMQ2Z2U3VqdUVoWGFnRHEwZmx3NmpwTS9oTGp0cE5YZXZUSHdndjUzMDcvUgpyZmdsUnpIRk53ZVFqWVdQMmdRbnJybUpEQmJmT0J0enVBTjlHOEUxbHVwclNLZjNHT3pVeE1HcE5iL0w1TThXCjVhNnFPZVdGcVppNTFYanZrc3BjaGZxeHI1V050bkk1ZkhmemMweFJ1MWdiUzczNFo3Y21NQ1k2U1ZSUEdoV1MKa1ppMFl0dTNqdVBTNjdFWmgzNXliYVgyWXhmYWoyaXlVM3NSVnNud1JraExSZXpmV0wvUHdOUWo4QlljNG5zVQpRcW9ZZWxuazQ3dVk1V3c1Y2tYOE92ek1DWTRlcFJnK0ZveHB1SExGcDZFMmRMV3d3MHlpQ3N4SFR2UUp0UkVDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZPek1Wb3dhaVZOVy80cUxoUXZnT1BSZFozWmhNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFIMS81cApqWkUvd0lvcG1SeGhzd2RmSFE5RURSNXdiekVBeU9ubzNuSzdhZkRZZ3RaU3FOS0EvVUVMeXZtV3pWYzdxeWtZCmNzeUduem5nbnJvbjBoTmZCczhQQTdWVkJ3ZjlQREU0TUxRWG9Bdlk2cGpnQi9BVTVuU0YwVnlSNU5sSGxhNmUKRklLb3JnZG1NZnBpVzBMMFFQR0Nab3Bya2E5b0lzcHhSZjhtYzBuU3NyYnV1RENhYUc3emFGd003MjZKeDdiaQpuRW9pRk1Kc0YzVXpjeUtaYXNaakMrZDNDdS8wYVlveXlkTm1iSERyWjlzRld6VGQ1bHk0ZjB4VXNtVlR4MXlCCit6TURoOEtRQWFORlJ2dkdBTnZLc2J4aVloYXhIWnRwTVhZRExEZGtqL21lTUVhWCtOUlIvWjV3cFZVSkdSUE8KUll5ZHhSYlZzL2M1WlIwQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - fullchain.pem: 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 - privkey.pem: 
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBOURqU1Y4Zmt6c2hmVEdpbHBtdGtVQW1tRmYxeHkySGpYaXU3V1FWbGdRNS9tb0lkCkV4SFhhVzdzaHpFa3Rxa1VzT3NaSFU1Q3hIdjE2RytTN1B3MkVEZTJhUHBHT01SeWRHS1dnTStsUE1GdUplOTAKUnE5L2pKcGZpZjhBOG9ZZXBUVzdJa2o4bCtlVkZqOXNjQXRMVFZ4eS9TSktWMmd1U3R0YmRVWU90cmJMd0FPeApJZVpmYTlESFBoa2xxV2tCTjhpNzZ0Rmh2Wkd5dlg5SXVNaGNCRG9OR3I1QXFoRWN0cXVuUzlVc2NIOFkzdERmCldiS1RmVFFHWmhnajA5aDUzSlphK1FQVFB0WDhHVDVSRU5Hay9nZnhQRHpCWG9JckN4RmxoNXdqZjVyMEFCVFcKQWs2Qmt5eGExR3crcm5zVEo0ZHREZmFaRFpMWVQzc29UYzV4aVFJREFRQUJBb0lCQUUrOFFZaWhYZVhaYTZ2Ugp1c3VqNG1OelV3TjQ5TzgzTFhtd2c0RmtEcWpkSi9JMUt2THY3MG1nQ3A5MC93eVlGWVpScTZoeXhiL0t6Uld2ClgrUDUwRmpwSjZnTWxtS3dXTUlBOGl4cUh3UEFENHRaSzdoc1VoT0F6MUtKckRDQ2MzenpGdjd4bjI2bEVIcnMKQ0Nab3VaUXZhK2VUaTN3UUtwVU1HMGNsc1dZYmt3bEhNd2ZDdHo1bUg2K2VkS045UU1WREo0TS9henFmRTcxTgpKaUgvZXhYd3R2b25IMzdHZ2Q0ZEJicWpZNm5WWG8zeWgyRW1OSjZFSUJFWlZVNmxkMEl4QXhjQVdHdVNGUUtZCm5YR2V5d1B4a2FpSklYVDBsWjNYdGh5b3FyQ2VWdm84eW1oUkVtUXdyVDZ2emc3LzhsYVFHZllySE5PeUZnem8KUHM3K00xRUNnWUVBOU9iMU80L1lPZnI1aFhVN0R2QW5XbWtBbjRWcWRYQ2czYXVCZ29xWkhpTzg2QWFtMDkxaApPNjJWc2hVcCtrbFJMVmR6MG1SZFh6amROSU8rUTJpUTZwRkROTStFZFZpWCtWcy9YbFlmSEhISzF6TEVDZnh2CnUzSzlZVXVNUTkyb2NNejhqdk1qclFleWMwMkxETFN1WkRIbzA3TzJ3SzdCc0dLN2lwTWZ4TDBDZ1lFQS8wbjUKQU90TXlvOENxWlAxc1BTK2hSTUF3N2xTQnhhUE13aUhaT3ZBWGhxS3Y4MWtyc0tLa1JJWW9MYTdyZGxtSytlagpuOE9hSzB3TUZYclJ1dVkzSWtlWnhWdmNxOWtIRTJCYkdMKytWYVNVT3Y5VURzNGUvZGhxdjg1dmttQXc4bS9LCjMzSjZLREl2azdadjZJcVJROFBuRW93di9oaVpnRWY4RXpwTEdyMENnWUJTQlN2cXA5RldFYzBSdW1KdUxWWXcKdkd2K0FSUFhnMElORzR5RGFPSEJLMXp3SkpJbzhNTEkxdWtFdkh2VG5FeDRzQXBWVTFIR08yZ3lWMUVZaUdQSQplNkFUaHRDbzhHUHRtbmJOcEhCRStZTmlzVmpnczAvRWFyZ3NacjN5V01FNkRoMGp6eUNLcWNKRlJab2xSam9GCnlvVmNxWnF5UzVVSSt2Z3VmL21xelFLQmdRQ2VJYUVHNjdtV1l2MWdNMUZsK2tRbFEvOGVQYVhNMURHQmlBL3QKK0lZaEJFbmJ3d3RSb1JtYUFONldkbnBNbHJST0Q5N3ZzSWJIdVFSbkxidktESjRzTXJQU1p6T0treFZwOEM2ZApadkFzTnBURzhxK0x1Q3ZFUzVEY0hMQkp1Q0c1bW52TTZ5azF5dGhqcEFjdndOMTRYMW03eUhCVjhjRHJrQ3RaCmNhdGg5UUtCZ1FDUjFDUG44OHc3NU9NODE1NmhRbzl2L3phWFMr
SExFaUhJMlE5b29RYTVBamZaa0NZTnVMTE0KQytjOFk0R3RKbnMxSG1wQ0M0YlNXV2VqK2dyVkRJM0lreTJvVHk3RE9YZDcxYk1Day9lZEMxbmRZT2hTbnJ1OQpmTCs1SE1sS0JtTTBBcmwzNlIxeFZCMFJVUWR4UDk4cDRmaVQyQWJENlpnZEpOMFBzZ3IzZGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -kind: Secret -metadata: - creationTimestamp: null - name: tls-zookeeper - namespace: sandbox ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - name: confluent-operator - namespace: sandbox -spec: - ports: - - name: http-metric - port: 7778 - protocol: TCP - targetPort: 7778 - selector: - app: confluent-operator - app.kubernetes.io/name: confluent-operator - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: ldap - name: ldap - namespace: sandbox -spec: - clusterIP: None - ports: - - name: ldap - port: 389 - - name: ldaps - port: 636 - selector: - app: ldap ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.304.2 - version: 0.304.2 - name: confluent-operator - namespace: sandbox -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/name: confluent-operator - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "7778" - prometheus.io/scrape: "true" - labels: - app: confluent-operator - app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/name: confluent-operator - confluent-platform: 
"true" - version: 0.304.2 - spec: - containers: - - args: - - --debug=false - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODEIP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_ENTITY_ID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: docker.io/confluentinc/confluent-operator:0.304.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8080 - name: confluent-operator - readinessProbe: - httpGet: - path: /readyz - port: 8080 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - restartPolicy: Always - securityContext: - fsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - serviceAccountName: confluent-for-kubernetes - terminationGracePeriodSeconds: 30 ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: alice-sysadmin - namespace: sandbox -spec: - principal: - name: alice - type: user - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter - namespace: sandbox -spec: - authorization: - type: rbac - dataVolumeCapacity: 10Gi - dependencies: - connect: - - name: connect - tls: - enabled: true - url: https://connect:8083 - kafka: - authentication: - jaasConfig: - secretRef: credential - type: mtls - bootstrapEndpoint: kafka:9071 - tls: - enabled: true - ksqldb: - - name: ksqldb - tls: - enabled: true - url: https://ksqldb:8088 - mds: - authentication: - bearer: - secretRef: credential - type: bearer - endpoint: https://kafka:8090 - tls: - enabled: true - tokenKeyPair: - secretRef: credential - schemaRegistry: - tls: - enabled: true - url: https://schemaregistry:8081 - image: - application: confluentinc/cp-enterprise-control-center:7.0.0 - init: confluentinc/confluent-init-container:2.2.0 - podTemplate: - probe: - liveness: - 
failureThreshold: 5 - periodSeconds: 10 - timeoutSeconds: 500 - replicas: 1 - tls: - autoGeneratedCerts: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka - namespace: sandbox -spec: - authorization: - superUsers: - - User:kafka - type: rbac - dataVolumeCapacity: 10Gi - dependencies: - kafkaRest: - authentication: - bearer: - secretRef: credential - type: bearer - zookeeper: - authentication: - type: mtls - endpoint: zookeeper:2182 - tls: - enabled: true - image: - application: confluentinc/cp-server:7.0.0 - init: confluentinc/confluent-init-container:2.2.0 - listeners: - external: - authentication: - jaasConfigPassThrough: - secretRef: credential - type: plain - tls: - enabled: true - internal: - authentication: - jaasConfigPassThrough: - secretRef: credential - principalMappingRules: - - RULE:.*CN[\s]?=[\s]?([a-zA-Z0-9.]*)?.*/$1/ - type: mtls - tls: - enabled: true - metricReporter: - authentication: - jaasConfigPassThrough: - secretRef: credential - type: plain - enabled: true - tls: - enabled: true - replicas: 3 - services: - mds: - provider: - ldap: - address: ldap://ldap:389 - authentication: - simple: - secretRef: credential - type: simple - configurations: - groupMemberAttribute: member - groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com - groupNameAttribute: cn - groupObjectClass: groupOfNames - groupSearchBase: ou=groups,dc=test,dc=com - userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com - userNameAttribute: cn - userObjectClass: organizationalRole - userSearchBase: ou=users,dc=test,dc=com - tls: - enabled: true - type: ldap - tls: - enabled: true - tokenKeyPair: - secretRef: credential - tls: - autoGeneratedCerts: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default - namespace: sandbox -spec: - kafkaRest: - authentication: - bearer: - secretRef: credential - type: mtls ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: 
- name: zookeeper - namespace: sandbox -spec: - authentication: - jaasConfig: - secretRef: credential - principalMappingRules: - - RULE:.*CN[\s]?=[\s]?([a-zA-Z0-9.]*)?.*/$1/ - type: mtls - dataVolumeCapacity: 10Gi - image: - application: confluentinc/cp-zookeeper:7.0.0 - init: confluentinc/confluent-init-container:2.2.0 - logVolumeCapacity: 10Gi - replicas: 3 - tls: - autoGeneratedCerts: true ---- -apiVersion: v1 -kind: Pod -metadata: - labels: - app: ldap - role: ldap - name: ldap - namespace: sandbox -spec: - containers: - - args: - - --copy-service - - --loglevel=debug - env: - - name: LDAP_ORGANISATION - value: Test Inc. - - name: LDAP_DOMAIN - value: test.com - - name: LDAP_ADMIN_PASSWORD - value: confluentrox - - name: LDAP_CONFIG_PASSWORD - value: confluentconfigrox - - name: LDAP_READONLY_USER - value: "True" - - name: LDAP_READONLY_USER_USERNAME - value: mds - - name: LDAP_READONLY_USER_PASSWORD - value: Developer! - - name: LDAP_TLS - value: "False" - image: osixia/openldap:1.3.0 - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 20 - tcpSocket: - port: 389 - name: ldap - ports: - - containerPort: 389 - name: ldap - - containerPort: 636 - name: ldaps - volumeMounts: - - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom - name: customldif - - mountPath: /var/lib/ldap - name: ldap-data - - mountPath: /etc/ldap/slapd.d - name: ldap-config - restartPolicy: Always - volumes: - - configMap: - defaultMode: 420 - name: ldap-ldifs - name: customldif - - emptyDir: {} - name: ldap-data - - emptyDir: {} - name: ldap-config diff --git a/incubator/userprovided-mtls/kustomization.yaml b/incubator/userprovided-mtls/kustomization.yaml deleted file mode 100644 index be6e0fc..0000000 --- a/incubator/userprovided-mtls/kustomization.yaml +++ /dev/null 
@@ -1,11 +0,0 @@
-namespace: sandbox
-resources:
- - ../../base/operator
- - ../../base/cfk-components/confluent-rbac
- - tls
- - rolebindings.yaml
-patchesStrategicMerge:
- - confluent/kafka.yaml
- - confluent/zookeeper.yaml
- - confluent/control-center.yaml
- - confluent/rest-class.yaml
diff --git a/incubator/userprovided-mtls/rolebindings.yaml b/incubator/userprovided-mtls/rolebindings.yaml
deleted file mode 100644
index 6ab81fa..0000000
--- a/incubator/userprovided-mtls/rolebindings.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: alice-sysadmin
-spec:
- principal:
- name: alice
- type: user
- role: SystemAdmin
diff --git a/incubator/userprovided-mtls/tls/base-ca-config.json b/incubator/userprovided-mtls/tls/base-ca-config.json
deleted file mode 100644
index 9c9f5ac..0000000
--- a/incubator/userprovided-mtls/tls/base-ca-config.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "signing": {
- "default": {
- "expiry": "43800h"
- },
- "profiles": {
- "server": {
- "expiry": "43800h",
- "usages": [
- "signing",
- "key encipherment",
- "server auth",
- "client auth"
- ]
- },
- "client": {
- "expiry": "43800h",
- "usages": [
- "signing",
- "key encipherment",
- "client auth"
- ]
- }
- }
- }
-}
diff --git a/incubator/userprovided-mtls/tls/base-ca-csr.json b/incubator/userprovided-mtls/tls/base-ca-csr.json
deleted file mode 100644
index d1eec56..0000000
--- a/incubator/userprovided-mtls/tls/base-ca-csr.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "CN": "TestCA",
- "key": {
- "algo": "rsa",
- "size": 2048
- },
- "names": [
- {
- "C": "Universe",
- "L": "Earth",
- "O": "Acme",
- "ST": "Pangea",
- "OU": "MyOrg"
- }
- ]
-}
diff --git a/incubator/userprovided-mtls/tls/client-producer.json b/incubator/userprovided-mtls/tls/client-producer.json
deleted file mode 100644
index bb1836d..0000000
--- a/incubator/userprovided-mtls/tls/client-producer.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "CN": "alphaproducer",
- "hosts": [
- "alphaproducer"
- ],
- "key": {
- "algo": "rsa",
- "size": 2048
- },
- "names": [
- {
- "C": "Universe",
- "ST": "Pangea",
- "L": "Earth"
- }
- ]
-}
\ No newline at end of file
diff --git a/incubator/userprovided-mtls/tls/generate_certificates.sh b/incubator/userprovided-mtls/tls/generate_certificates.sh
deleted file mode 100755
index 779e12e..0000000
--- a/incubator/userprovided-mtls/tls/generate_certificates.sh
+++ /dev/null
@@ -1,42 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./root-ca - - -# Create Zookeeper server certificates -# Use the SANs listed in zookeeper-server-domain.json - -cfssl gencert -ca=root-ca.pem \ --ca-key=root-ca-key.pem \ --config=base-ca-config.json \ --profile=server zookeeper-server-domain.json | cfssljson -bare zookeeper-server - -kubectl create secret generic tls-zookeeper \ - --dry-run=client \ - --from-file=fullchain.pem=./zookeeper-server.pem \ - --from-file=cacerts.pem=./root-ca.pem \ - --from-file=privkey.pem=./zookeeper-server-key.pem -o yaml > zookeeper-sslcerts.yaml - -# Create Kafka server certificates -# Use the SANs listed in kafka-server-domain.json -cfssl gencert -ca=root-ca.pem \ --ca-key=root-ca-key.pem \ --config=base-ca-config.json \ --profile=server kafka-server-domain.json | cfssljson -bare kafka-server - -kubectl create secret generic tls-kafka \ - --dry-run=client \ - --from-file=fullchain.pem=./kafka-server.pem \ - --from-file=cacerts.pem=./root-ca.pem \ - --from-file=privkey.pem=./kafka-server-key.pem -o yaml > kafka-sslcerts.yaml - -# Create Client Certificates -# Use the SANs listed in kafka-server-domain.json -cfssl gencert -ca=root-ca.pem \ --ca-key=root-ca-key.pem \ --config=base-ca-config.json \ --profile=server client-producer.json | cfssljson -bare kafka-client - -kubectl create secret generic tls-kafka \ connect to your Kafka cluster(s). - --dry-run=client \ - --from-file=fullchain.pem=./kafka-client.pem \ - --from-file=cacerts.pem=./root-ca.pem \ - --from-file=privkey.pem=./kafka-client-key.pem -o yaml > kafka-client-sslcerts.yaml \ No newline at end of file diff --git a/incubator/userprovided-mtls/tls/kafka-server-domain.json b/incubator/userprovided-mtls/tls/kafka-server-domain.json deleted file mode 100644 index f925cb2..0000000 --- a/incubator/userprovided-mtls/tls/kafka-server-domain.json +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "CN": "kafka", - "hosts": [ - "kafka", - "*.my.domain", - "kafka.sandbox.svc.cluster.local", - "*.kafka.sandbox.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -} \ No newline at end of file diff --git a/incubator/userprovided-mtls/tls/kafka-sslcerts.yaml b/incubator/userprovided-mtls/tls/kafka-sslcerts.yaml deleted file mode 100644 index 84be37a..0000000 --- a/incubator/userprovided-mtls/tls/kafka-sslcerts.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -data: - cacerts.pem: 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 - fullchain.pem: 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 - privkey.pem: 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 -kind: Secret -metadata: - creationTimestamp: null - name: tls-kafka diff --git a/incubator/userprovided-mtls/tls/kustomization.yaml b/incubator/userprovided-mtls/tls/kustomization.yaml deleted file mode 100644 index 7d1a77e..0000000 --- a/incubator/userprovided-mtls/tls/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -namespace: sandbox -resources: -- kafka-sslcerts.yaml -- zookeeper-sslcerts.yaml diff --git a/incubator/userprovided-mtls/tls/zookeeper-server-domain.json b/incubator/userprovided-mtls/tls/zookeeper-server-domain.json deleted file mode 100644 index a51fb50..0000000 --- a/incubator/userprovided-mtls/tls/zookeeper-server-domain.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "CN": "zookeeper", - "hosts": [ - "zookeeper", - "zookeeper.sandbox.svc.cluster.local", - "*.zookeeper.sandbox.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -} \ No newline at end of file diff --git a/incubator/userprovided-mtls/tls/zookeeper-sslcerts.yaml b/incubator/userprovided-mtls/tls/zookeeper-sslcerts.yaml deleted file mode 100644 index dfefac8..0000000 
--- a/incubator/userprovided-mtls/tls/zookeeper-sslcerts.yaml
+++ /dev/null
@@ -1,9 +0,0 @@ -apiVersion: v1 -data: - cacerts.pem: 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 - fullchain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVIVENDQXdXZ0F3SUJBZ0lVYVpvaHgvakRiV0lQYTlIeGRxOUNHTENOOUdJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05Nakl3TVRBMk1UVXpNVEF3V2hjTk1qY3dNVEExTVRVek1UQXdXakJJTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFUwpNQkFHQTFVRUF4TUplbTl2YTJWbGNHVnlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE5RGpTVjhma3pzaGZUR2lscG10a1VBbW1GZjF4eTJIalhpdTdXUVZsZ1E1L21vSWRFeEhYYVc3c2h6RWsKdHFrVXNPc1pIVTVDeEh2MTZHK1M3UHcyRURlMmFQcEdPTVJ5ZEdLV2dNK2xQTUZ1SmU5MFJxOS9qSnBmaWY4QQo4b1llcFRXN0lrajhsK2VWRmo5c2NBdExUVnh5L1NKS1YyZ3VTdHRiZFVZT3RyYkx3QU94SWVaZmE5REhQaGtsCnFXa0JOOGk3NnRGaHZaR3l2WDlJdU1oY0JEb05HcjVBcWhFY3RxdW5TOVVzY0g4WTN0RGZXYktUZlRRR1poZ2oKMDloNTNKWmErUVBUUHRYOEdUNVJFTkdrL2dmeFBEekJYb0lyQ3hGbGg1d2pmNXIwQUJUV0FrNkJreXhhMUd3KwpybnNUSjRkdERmYVpEWkxZVDNzb1RjNXhpUUlEQVFBQm80SGlNSUhmTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkCkJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlYKSFE0RUZnUVVod2ZUZ1BzYThXak9DeE9uQkI3dzZOR210RUl3SHdZRFZSMGpCQmd3Rm9BVTdNeFdqQnFKVTFiLwppb3VGQytBNDlGMW5kbUV3WUFZRFZSMFJCRmt3VjRJSmVtOXZhMlZsY0dWeWdpTjZiMjlyWldWd1pYSXVjMkZ1ClpHSnZlQzV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiSUlsS2k1NmIyOXJaV1Z3WlhJdWMyRnVaR0p2ZUM1emRtTXUKWTJ4MWMzUmxjaTVzYjJOaGJEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFWeVdKelZBUWtpSzR2L0RlRUtsVQpSV2hKdnB1aEt0Y0JERDVtV1UrTDhtbFdTTW1wY01HSk1SVzRLVWtXeUE2RlF6bUxOcWRZelRoNDlJWGt2Q3Q2Ckd5d1FqKy9VZ0VmVmwzUHBlVnYwRm9mSGV3WEt3L25mTmxPOTRKUXNDZytMUkMwZ3dBT3JUNHNTYVF1ZXhtQS8KQTQ3dkxhZE5zdGxFRHIxMit2d1FMbGZ3UE12VWxJTFJPN09SaGEyYmxZNDdjU0VKUE5qT2FPUGY4cGlxNGR4KwpINGZyS0piQU1xN3RZU0UzYzZSU0FzTWpxNHdJOCt4dkVDMW1ZTURZQ2hEcERhVEFML3MzaVA2WTBlaHg4dG1uCjE1NGVCenk2eDRXWUJ
BL1Y2THRQMFhNUDhieEVwUE1uKy9velMvUDNxc2pwWHNnVWlYUjFaMDlZWGhCRi81Z28Ka2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - privkey.pem: 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 -kind: Secret -metadata: - creationTimestamp: null - name: tls-zookeeper diff --git a/incubator/velero-restore/README.md b/incubator/velero-restore/README.md deleted file mode 100644 index fb4f812..0000000 --- a/incubator/velero-restore/README.md +++ /dev/null @@ -1,24 +0,0 @@ -``` -velero install \ - --provider aws \ - --plugins velero/velero-plugin-for-aws:v1.2.1 \ - --bucket velero \ - --secret-file ./credentials-velero \ - --use-volume-snapshots=false \ - --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://minio.velero.svc:9000 -``` - - -velero backup create confluent --include-namespaces sandbox - - -``` -kubectl get namespace "sandbox" -o json \ - | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" \ - | kubectl replace --raw /api/v1/namespaces/sandbox/finalize -f - -``` - -velero restore create confluent --from-backup confluent - - -velero backup create confluent --include-namespaces sandbox \ No newline at end of file diff --git a/incubator/velero-restore/credentials-velero b/incubator/velero-restore/credentials-velero deleted file mode 100644 index 7546f35..0000000 --- a/incubator/velero-restore/credentials-velero +++ /dev/null @@ -1,3 +0,0 @@ -[default] -aws_access_key_id = minio -aws_secret_access_key = minio123 \ No newline at end of file diff --git a/incubator/velero-restore/kustomization.yaml b/incubator/velero-restore/kustomization.yaml deleted file mode 100644 index b07eab2..0000000 --- a/incubator/velero-restore/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sandbox -resources: -#- minio.yaml -- namespace.yaml -- ../../base/operator -- ../../base/cfk-components/confluent-no-auth - - - 
diff --git a/incubator/velero-restore/minio.yaml b/incubator/velero-restore/minio.yaml
deleted file mode 100644
index dd0eef9..0000000
--- a/incubator/velero-restore/minio.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -# Copyright 2017 the Velero contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: velero - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: velero - name: minio - labels: - component: minio -spec: - strategy: - type: Recreate - selector: - matchLabels: - component: minio - template: - metadata: - labels: - component: minio - spec: - volumes: - - name: storage - emptyDir: {} - - name: config - emptyDir: {} - containers: - - name: minio - image: minio/minio:latest - imagePullPolicy: IfNotPresent - args: - - server - - /storage - - --config-dir=/config - env: - - name: MINIO_ACCESS_KEY - value: "minio" - - name: MINIO_SECRET_KEY - value: "minio123" - ports: - - containerPort: 9000 - volumeMounts: - - name: storage - mountPath: "/storage" - - name: config - mountPath: "/config" - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: velero - name: minio - labels: - component: minio -spec: - # ClusterIP is recommended for production environments. - # Change to NodePort if needed per documentation, - # but only if you run Minio in a test/trial environment, for example with Minikube. 
- type: ClusterIP - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - selector: - component: minio - ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: velero - name: minio-setup - labels: - component: minio -spec: - template: - metadata: - name: minio-setup - spec: - restartPolicy: OnFailure - volumes: - - name: config - emptyDir: {} - containers: - - name: mc - image: minio/mc:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - "mc --config-dir=/config config host add velero http://minio:9000 minio minio123 && mc --config-dir=/config mb -p velero/velero" - volumeMounts: - - name: config - mountPath: "/config" \ No newline at end of file diff --git a/incubator/custom-ldap/README.md b/resources/custom-ldap/README.md similarity index 100% rename from incubator/custom-ldap/README.md rename to resources/custom-ldap/README.md diff --git a/incubator/custom-ldap/ldap.yaml b/resources/custom-ldap/ldap.yaml similarity index 100% rename from incubator/custom-ldap/ldap.yaml rename to resources/custom-ldap/ldap.yaml diff --git a/resources/helm-update/update_helm.sh b/resources/helm-update/update_helm.sh deleted file mode 100755 index 43cc5d0..0000000 --- a/resources/helm-update/update_helm.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -export CHART_VERSION=0.304.2 -#export CHART_VERSION=0.174.25 -#export CHART_VERSION=0.174.21 -#export CHART_VERSION=0.174.13 -helm repo add confluentinc https://packages.confluent.io/helm -helm repo update -helm search repo confluent --versions -helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --set namespaced=false --output-dir . -mv confluent-for-kubernetes/crds/* ../../kustomize/crds/crds -mv confluent-for-kubernetes/templates/* ../../kustomize/base/operator -rm -R confluent-for-kubernetes \ No newline at end of file 
diff --git a/resources/monitoring/grafana/configmap.yaml b/resources/monitoring/grafana/configmap.yaml
new file mode 100644
index 0000000..7752041
--- /dev/null
+++ b/resources/monitoring/grafana/configmap.yaml
@@ -0,0 +1,24 @@
+---
+# Source: grafana/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oso-grafana-envvars
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+data:
+ GF_SECURITY_ADMIN_USER: "admin"
+ GF_INSTALL_PLUGINS: ""
+ GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
+ GF_AUTH_LDAP_ENABLED: "false"
+ GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
+ GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
+ GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
+ GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
+ GF_PATHS_DATA: "/opt/bitnami/grafana/data"
+ GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
diff --git a/resources/monitoring/grafana/dashboard-config.yaml b/resources/monitoring/grafana/dashboard-config.yaml
new file mode 100644
index 0000000..8cc2884
--- /dev/null
+++ b/resources/monitoring/grafana/dashboard-config.yaml
@@ -0,0 +1,24 @@
+---
+# Source: prometheus/templates/server/cm.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ component: "server"
+ app: grafna
+ release: oso
+ name: oso-grafana-server-dashboard-config
+data:
+ config.yaml: |
+ apiVersion: 1
+ providers:
+ - name: 'oso-provider'
+ orgId: 1
+ folder: 'confluent-examples'
+ type: file
+ disableDeletion: true
+ updateIntervalSeconds: 10
+ allowUiUpdates: true
+ options:
+ path: /opt/bitnami/grafana/conf/provisioning/dashboard-source
+ foldersFromFilesStructure: true
diff --git a/resources/monitoring/grafana/dashboards.yaml b/resources/monitoring/grafana/dashboards.yaml
new file mode 100644
index 0000000..a8d2c4a
--- /dev/null
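Review bot: The label `app: grafna` in the metadata of `dashboard-config.yaml` looks like a misspelling of `grafana`, so any selector or label query keyed on `app=grafana` would miss this ConfigMap; the same label is repeated in the `dashboards.yaml` hunk that follows. Suggested change in both files: `app: grafana`. The header comment `# Source: prometheus/templates/server/cm.yaml` does not match a Grafana provisioning ConfigMap and should either name the real origin or be dropped. In the provider block, `allowUiUpdates: true` together with `updateIntervalSeconds: 10` lets dashboards be edited in the UI while the provisioned files remain the source that is re-read, so UI edits can diverge from what is in git and may be overwritten on reload; for a dashboard set kept under version control `allowUiUpdates: false` is the more predictable setting.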
+++ b/resources/monitoring/grafana/dashboards.yaml 
@@ -0,0 +1,663 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboards +data: + confluent-platform.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": 
"individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": 
false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + 
"nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + 
}, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 + } \ No newline at end of file diff --git a/resources/monitoring/grafana/dashboards/confluent-platform.json b/resources/monitoring/grafana/dashboards/confluent-platform.json new file mode 100644 index 0000000..c4cbbe1 --- /dev/null +++ b/resources/monitoring/grafana/dashboards/confluent-platform.json 
@@ -0,0 +1,651 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, 
+ "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": 
"label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 +} \ No newline at end of file diff --git a/resources/monitoring/grafana/dashboards/kafak-lag-exporter.json b/resources/monitoring/grafana/dashboards/kafak-lag-exporter.json new file mode 100644 index 0000000..f81904d --- /dev/null +++ b/resources/monitoring/grafana/dashboards/kafak-lag-exporter.json 
@@ -0,0 +1,1038 @@ +{ + "__inputs": [ + { + "name": "prometheus", + "label": "Instance", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.3.4" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "5.0.0" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "iteration": 1556312150750, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 28, + "panels": [], + "repeat": null, + "title": "All Consumer Group Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max extrapolated lag in seconds for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 102, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], 
+ "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Extrapolated lag in seconds for each partition.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 103, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, 
+ "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max offset lag for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 98, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Consumer Group Lag Partition Offsets", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, 
+ "x": 12, + "y": 11 + }, + "id": 82, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offsets_2", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 149, + "panels": [], + "title": "Consumer Group Lag In Time Per Group Over Offset Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + "fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 22 + }, + "id": 147, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", 
+ "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Consumer group lag in offsets", + "color": "#cca300", + "linewidth": 2, + "yaxis": 2 + }, + { + "alias": "Consumer group lag in time", + "color": "rgb(255, 0, 0)", + "linewidth": 2, + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in offsets", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "lag in offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 106, + "panels": [], + "title": "Consumer Group Lag in Time Per Group Over Summed Offsets", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + 
"fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 31 + }, + "id": 107, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Sum of group offsets", + "yaxis": 2 + }, + { + "alias": "Sum of latest offsets", + "yaxis": 2 + }, + { + "alias": "/Consumer group.*/", + "color": "rgb(255, 0, 0)", + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}) by (group)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "sum(kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Sum of group offsets", + "refId": "B" + }, + { + "expr": "sum((kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"} * 0)\n+ on(namespace,cluster_name,topic,partition) group_left() kafka_partition_latest_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Sum of latest offsets", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + 
"name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offset", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 101, + "panels": [], + "title": "Kafka Lag Exporter JVM Metrics", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 40 + }, + "id": 99, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_memory_bytes_used{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM Memory Used", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + 
"aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 40 + }, + "id": 95, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_sum{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 40 + }, + "id": 97, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_count{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5m", + "schemaVersion": 16, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag)", + "refresh": 1, + "regex": "/.*namespace=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Cluster Name", + "multi": false, + "name": "cluster_name", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\"})", + "refresh": 1, + "regex": "/.*cluster_name=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": {}, + "datasource": "prometheus", + "hide": 0, + 
"includeAll": true, + "label": "Consumer Group", + "multi": true, + "name": "consumer_group", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "refresh": 1, + "regex": "/.*group=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kafka Lag Exporter", + "uid": "8LW1Yd8ik", + "version": 14 +} \ No newline at end of file diff --git a/resources/monitoring/grafana/datasources.yaml b/resources/monitoring/grafana/datasources.yaml new file mode 100644 index 0000000..b5b843d --- /dev/null +++ b/resources/monitoring/grafana/datasources.yaml @@ -0,0 +1,22 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-datasources +data: + prometheus.yml: | + apiVersion: 1 + datasources: + - access: 'proxy' + editable: true + is_default: true + name: 'prometheus' + org_id: 1 + type: 'prometheus' + url: 'http://oso-prometheus-server:80' + version: 1 \ No newline at end of file diff --git a/resources/monitoring/grafana/deployment.yaml b/resources/monitoring/grafana/deployment.yaml new file mode 100644 index 0000000..d4dc9db --- /dev/null +++ b/resources/monitoring/grafana/deployment.yaml 
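Review bot: In datasources.yaml the provisioning document declares `apiVersion: 1` but spells two fields in the legacy snake_case form, `is_default: true` and `org_id: 1`. As far as I know the version-1 schema reads `isDefault` and `orgId`, so these two settings are probably ignored silently; suggest `isDefault: true` and `orgId: 1`. Separately, `editable: true` lets anyone with datasource rights in the UI repoint the provisioned Prometheus source, so `editable: false` is the safer setting unless UI edits are wanted. The label `app: grafna` looks like a typo for `grafana` and is repeated in the `generatorOptions` labels of kustomization.yaml, and the `# Source: prometheus/templates/server/cm.yaml` header does not match this file.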
@@ -0,0 +1,118 @@ +--- +# Source: grafana/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana + annotations: + checksum/secret: 071b561f1f90acdf28cf77c354e8db5aa60fe52dc656c5f175e72a7aed28abe5 + checksum/config: ca8b427900a3dcdd9888348a7e0abc43422f5e557b57164c9464a5b5c0e0e957 + checksum/dashboard-provider: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + spec: + serviceAccountName: oso-grafana + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + runAsUser: 1001 + fsGroup: 1001 + runAsNonRoot: true + containers: + - name: grafana + image: docker.io/bitnami/grafana:8.1.2-debian-10-r6 + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: oso-grafana-envvars + env: + - name: GF_INSTALL_PLUGINS + value: "grafana-piechart-panel" + - name: GF_SECURITY_ADMIN_USER + value: "admin" + - name: GF_SECURITY_ADMIN_PASSWORD + value: "password" + - name: GF_USERS_ALLOW_SIGN_UP + value: "false" + volumeMounts: + - name: data + mountPath: /opt/bitnami/grafana/data + - name: data-sources + mountPath: 
/opt/bitnami/grafana/conf/provisioning/datasources + - name: dashboard-config + mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards + - name: dashboards + mountPath: /opt/bitnami/grafana/conf/provisioning/dashboard-source + ports: + - name: dashboard + containerPort: 3000 + protocol: TCP + livenessProbe: + httpGet: + path: /api/health + port: dashboard + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /api/health + port: dashboard + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + limits: {} + requests: {} + volumes: + - name: data + persistentVolumeClaim: + claimName: oso-grafana + - name: data-sources + configMap: + name: oso-grafana-server-datasources + - name: dashboards + configMap: + name: oso-grafana-server-dashboards + - name: dashboard-config + configMap: + name: oso-grafana-server-dashboard-config diff --git a/resources/monitoring/grafana/kustomization.yaml b/resources/monitoring/grafana/kustomization.yaml new file mode 100644 index 0000000..7835ca3 --- /dev/null +++ b/resources/monitoring/grafana/kustomization.yaml @@ -0,0 +1,25 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- configmap.yaml +- datasources.yaml +#- dashboards.yaml +- dashboard-config.yaml +- deployment.yaml +- pvc.yaml +- secret.yaml +- service.yaml +- serviceaccount.yaml + +configMapGenerator: + - name: oso-grafana-server-dashboards + files: + - dashboards/confluent-platform.json + - dashboards/kafak-lag-exporter.json + +generatorOptions: + disableNameSuffixHash: true + labels: + component: "server" + app: grafna + release: oso \ No newline at end of file diff --git a/resources/monitoring/grafana/pvc.yaml b/resources/monitoring/grafana/pvc.yaml new file mode 100644 index 0000000..9a0f348 --- /dev/null +++ b/resources/monitoring/grafana/pvc.yaml 
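Review bot: In `grafana/deployment.yaml` the `grafana` container sets `GF_SECURITY_ADMIN_PASSWORD` to the literal `password` (user `admin`) under `env`, so the admin credential is readable from the manifest, from the live Deployment object and from git history. The same commit adds a Secret named `oso-grafana-admin` with a `GF_SECURITY_ADMIN_PASSWORD` key, but nothing in this Deployment references it; the env entry should read the value through `secretKeyRef` as sketched below. The container also has empty `resources.limits` and no container-level `securityContext`, which is worth tightening before this is used outside a sandbox.

```yaml
          env:
            # … unchanged: GF_INSTALL_PLUGINS, GF_SECURITY_ADMIN_USER …
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: oso-grafana-admin
                  key: GF_SECURITY_ADMIN_PASSWORD
            # … unchanged: GF_USERS_ALLOW_SIGN_UP …
```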
@@ -0,0 +1,19 @@ +--- +# Source: grafana/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "10Gi" diff --git a/resources/monitoring/grafana/secret.yaml b/resources/monitoring/grafana/secret.yaml new file mode 100644 index 0000000..7734e43 --- /dev/null +++ b/resources/monitoring/grafana/secret.yaml @@ -0,0 +1,16 @@ +--- +# Source: grafana/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oso-grafana-admin + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +type: Opaque +data: + GF_SECURITY_ADMIN_PASSWORD: "T2gwaGk1a3NNcA==" diff --git a/resources/monitoring/grafana/service.yaml b/resources/monitoring/grafana/service.yaml new file mode 100644 index 0000000..b7e327e --- /dev/null +++ b/resources/monitoring/grafana/service.yaml @@ -0,0 +1,25 @@ +--- +# Source: grafana/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: grafana +spec: + type: ClusterIP + ports: + - port: 3000 + targetPort: dashboard + protocol: TCP + name: http + nodePort: null + selector: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: oso + app.kubernetes.io/component: grafana diff --git a/resources/monitoring/grafana/serviceaccount.yaml b/resources/monitoring/grafana/serviceaccount.yaml new file mode 100644 index 0000000..31d011f --- /dev/null 
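Review bot: `grafana/secret.yaml` commits the Grafana admin password to the repository; the value under `data` is only base64-encoded, which any reader of the repository can reverse, so it should be treated as disclosed and rotated. The manifest could instead be committed in sealed form (the Argo CD example in this commit is titled "ArgoCD / Sealed Secrets") or generated at deploy time from an untracked file. The encoded value is also not the string that `deployment.yaml` sets inline, so it is unclear which password is intended to apply. A leading comment such as `# Placeholder only: replace before deploying, never commit a real credential here` would at least record the intent.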
+++ b/resources/monitoring/grafana/serviceaccount.yaml @@ -0,0 +1,14 @@ +--- +# Source: grafana/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: oso-grafana + namespace: default + labels: + app.kubernetes.io/name: grafana + helm.sh/chart: grafana-6.1.11 + app.kubernetes.io/instance: oso + app.kubernetes.io/managed-by: Helm +secrets: + - name: oso-grafana-admin diff --git a/resources/monitoring/kustomization.yaml b/resources/monitoring/kustomization.yaml new file mode 100644 index 0000000..f4c223b --- /dev/null +++ b/resources/monitoring/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - grafana + - prometheus + + diff --git a/resources/monitoring/prometheus/kafka-exporter/deploy.yaml b/resources/monitoring/prometheus/kafka-exporter/deploy.yaml new file mode 100644 index 0000000..8f178a8 --- /dev/null +++ b/resources/monitoring/prometheus/kafka-exporter/deploy.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-exporter +spec: + selector: + matchLabels: + app: kafka-exporter + replicas: 1 + template: + metadata: + labels: + component: "server" + app: kafka-exporter + spec: + enableServiceLinks: true + serviceAccountName: oso-prometheus-server + containers: + - name: kafka-exporter + image: "danielqsj/kafka-exporter:latest" + imagePullPolicy: Always + args: + - --kafka.server=kafka:9092 + - --sasl.enabled + - --sasl.mechanism=plain + - --sasl.username=kafka + - --sasl.password=kafka-secret + - --tls.enabled + - --tls.insecure-skip-tls-verify + - --verbosity=10 + ports: + - name: "kexporter" + containerPort: 9308 + protocol: TCP \ No newline at end of file diff --git a/resources/monitoring/prometheus/kafka-exporter/kustomization.yaml b/resources/monitoring/prometheus/kafka-exporter/kustomization.yaml new file mode 100644 index 0000000..09c4c8e --- /dev/null +++ b/resources/monitoring/prometheus/kafka-exporter/kustomization.yaml 
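Review bot: In `kafka-exporter/deploy.yaml` the SASL password is a literal in `args` (`--sasl.password=kafka-secret`), which places it in the manifest, in the pod spec and on the process command line; it can come from a Secret through an `env` entry and the `$(VAR)` expansion Kubernetes applies to `args`. `--tls.insecure-skip-tls-verify` turns off broker certificate validation, so the SASL/PLAIN credentials are sent to whichever endpoint answers on `kafka:9092`; mounting the cluster CA and passing it with `--tls.ca-file` keeps the TLS check meaningful. The image is `danielqsj/kafka-exporter:latest` with `imagePullPolicy: Always`, so each restart may run different code; pin a version tag or digest. `--verbosity=10` is high for a process that handles credentials, and it is worth confirming that it does not log them.

```yaml
          env:
            - name: KAFKA_SASL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: KAFKA_EXPORTER_SECRET_NAME   # placeholder: a Secret this commit does not define
                  key: password                      # placeholder key
          args:
            # … unchanged: --kafka.server, --sasl.enabled, --sasl.mechanism, --sasl.username …
            - --sasl.password=$(KAFKA_SASL_PASSWORD)
            - --tls.enabled
            - --tls.ca-file=/etc/kafka-ca/ca.crt     # placeholder path; replaces --tls.insecure-skip-tls-verify
            # … unchanged: --verbosity …
```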
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- deploy.yaml +- service.yaml diff --git a/resources/monitoring/prometheus/kafka-exporter/service.yaml b/resources/monitoring/prometheus/kafka-exporter/service.yaml new file mode 100644 index 0000000..52a9184 --- /dev/null +++ b/resources/monitoring/prometheus/kafka-exporter/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: kafka-exporter + labels: + service: kafka-exporter-service +spec: + type: ClusterIP + ports: + - port: 9308 + name: "kexporter" + targetPort: 9308 + protocol: TCP + selector: + app: kafka-exporter diff --git a/resources/monitoring/prometheus/kustomization.yaml b/resources/monitoring/prometheus/kustomization.yaml new file mode 100644 index 0000000..f501c65 --- /dev/null +++ b/resources/monitoring/prometheus/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- server +- kafka-exporter +#- node-exporter +#- alertmanager +#- kafka-lag-exporter diff --git a/resources/monitoring/prometheus/server/cm.yaml b/resources/monitoring/prometheus/server/cm.yaml new file mode 100644 index 0000000..47fff76 --- /dev/null +++ b/resources/monitoring/prometheus/server/cm.yaml 
@@ -0,0 +1,66 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +data: + alerting_rules.yml: | + {} + alerts: | + {} + prometheus.yml: | + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + - /etc/config/rules + - /etc/config/alerts + scrape_configs: + - job_name: "prometheus" + static_configs: + - targets: ["localhost:9090"] + - job_name: "zookeeper" + static_configs: + - targets: [ + "zookeeper:7778" + ] + relabel_configs: + - source_labels: [__address__] + target_label: hostname + regex: '([^:]+)(:[0-9]+)?' + replacement: '${1}' + - job_name: "kafka-broker" + static_configs: + - targets: [ + "kafka:7778" + ] + relabel_configs: + - source_labels: [__address__] + target_label: hostname + regex: '([^:]+)(:[0-9]+)?' + replacement: '${1}' + - job_name: "kafka-exporter" + static_configs: + - targets: [ + "kafka-exporter:9308" + ] + relabel_configs: + - source_labels: [__address__] + target_label: hostname + regex: '([^:]+)(:[0-9]+)?' + replacement: '${1}' + recording_rules.yml: | + {} + rules: | + {} diff --git a/resources/monitoring/prometheus/server/deploy.yaml b/resources/monitoring/prometheus/server/deploy.yaml new file mode 100644 index 0000000..a93fb42 --- /dev/null +++ b/resources/monitoring/prometheus/server/deploy.yaml 
@@ -0,0 +1,98 @@ +--- +# Source: prometheus/templates/server/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + selector: + matchLabels: + component: "server" + app: prometheus + release: oso + replicas: 1 + template: + metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + spec: + enableServiceLinks: true + serviceAccountName: oso-prometheus-server + containers: + - name: prometheus-server-configmap-reload + image: "jimmidyson/configmap-reload:v0.5.0" + imagePullPolicy: "IfNotPresent" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090/-/reload + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + - name: prometheus-server + image: "quay.io/prometheus/prometheus:v2.26.0" + imagePullPolicy: "IfNotPresent" + args: + - --storage.tsdb.retention.time=15d + - --config.file=/etc/config/prometheus.yml + - --storage.tsdb.path=/data + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + - --web.enable-lifecycle + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 3 + successThreshold: 1 + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 + failureThreshold: 3 + successThreshold: 1 + resources: + {} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: /data + subPath: "" + hostNetwork: false + dnsPolicy: ClusterFirst + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 300 + 
volumes: + - name: config-volume + configMap: + name: oso-prometheus-server + - name: storage-volume + persistentVolumeClaim: + claimName: oso-prometheus-server diff --git a/resources/monitoring/prometheus/server/kustomization.yaml b/resources/monitoring/prometheus/server/kustomization.yaml new file mode 100644 index 0000000..941397c --- /dev/null +++ b/resources/monitoring/prometheus/server/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cm.yaml +- deploy.yaml +- pvc.yaml +- service.yaml \ No newline at end of file diff --git a/resources/monitoring/prometheus/server/pvc.yaml b/resources/monitoring/prometheus/server/pvc.yaml new file mode 100644 index 0000000..e067b55 --- /dev/null +++ b/resources/monitoring/prometheus/server/pvc.yaml @@ -0,0 +1,19 @@ +--- +# Source: prometheus/templates/server/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "8Gi" diff --git a/resources/monitoring/prometheus/server/service.yaml b/resources/monitoring/prometheus/server/service.yaml new file mode 100644 index 0000000..7fe17b5 --- /dev/null +++ b/resources/monitoring/prometheus/server/service.yaml @@ -0,0 +1,25 @@ +--- +# Source: prometheus/templates/server/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + component: "server" + app: prometheus + release: oso + chart: prometheus-14.6.0 + heritage: Helm + name: oso-prometheus-server + namespace: default +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9090 + selector: + component: "server" + app: prometheus + release: oso + sessionAffinity: None + type: "ClusterIP" 
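Review bot: `--web.enable-lifecycle` on the `prometheus-server` container enables the unauthenticated `/-/reload` and `/-/quit` endpoints, and the Service added in this commit exposes port 9090 cluster-wide as `oso-prometheus-server:80`, so any workload that can reach the Service can reload or stop Prometheus. The reload sidecar only calls `127.0.0.1:9090`, so a NetworkPolicy that limits ingress to the pods that need to query Prometheus (presumably Grafana) would keep the flag usable without that exposure. Separately, `serviceAccountName: oso-prometheus-server` is used here and in `kafka-exporter/deploy.yaml`, but no ServiceAccount of that name is listed in the kustomizations visible in this diff; unless it is created elsewhere, the pods will not be created. Both containers also have `resources: {}` and no container-level `securityContext` such as `allowPrivilegeEscalation: false`.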
diff --git a/resources/producers/4-producers-no-tls/alpha-producer-app.yaml b/resources/producers/4-producers-no-tls/alpha-producer-app.yaml new file mode 100644 index 0000000..eb6b7f8 --- /dev/null +++ b/resources/producers/4-producers-no-tls/alpha-producer-app.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alpha-console-producer + namespace: sandbox +spec: + serviceName: alpha-console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: alpha-console-producer + template: + metadata: + labels: + app: alpha-console-producer + spec: + containers: + - name: alpha-console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic alpha-topic \ + --record-size 1024 \ + --throughput 500 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config +--- +apiVersion: v1 +kind: Service +metadata: + name: alpha-console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/resources/producers/4-producers-no-tls/bravo-producer-app.yaml b/resources/producers/4-producers-no-tls/bravo-producer-app.yaml new file mode 100644 index 0000000..8f7c311 --- /dev/null +++ b/resources/producers/4-producers-no-tls/bravo-producer-app.yaml 
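Review bot: The producer container runs `confluentinc/cp-kafka:latest`, a floating tag, so the image that runs is whatever the registry serves at pull time and cannot be reproduced or audited afterwards; pin it to the platform version this example targets, by tag or digest. The same line appears in the bravo, charlie and delta manifests and in `alpha-topic-no-tls/alpha-producer-app.yaml`. The headless Service at the end of the file has no `selector` and no `ports`, so it does not select the StatefulSet's pods; adding `selector:` with `app: alpha-console-producer` would tie it to the `serviceName` the StatefulSet declares. The container sets `requests` but no `limits` and no `securityContext`, which matters for a load generator scheduled next to the brokers.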
@@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: bravo-console-producer + namespace: sandbox +spec: + serviceName: bravo-console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: bravo-console-producer + template: + metadata: + labels: + app: bravo-console-producer + spec: + containers: + - name: bravo-console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic bravo-topic \ + --record-size 512 \ + --throughput 5 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config +--- +apiVersion: v1 +kind: Service +metadata: + name: bravo-console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/resources/producers/4-producers-no-tls/charlie-producer-app.yaml b/resources/producers/4-producers-no-tls/charlie-producer-app.yaml new file mode 100644 index 0000000..6735ade --- /dev/null +++ b/resources/producers/4-producers-no-tls/charlie-producer-app.yaml 
@@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: charlie-console-producer + namespace: sandbox +spec: + serviceName: charlie-console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: charlie-console-producer + template: + metadata: + labels: + app: charlie-console-producer + spec: + containers: + - name: charlie-console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic charlie-topic \ + --record-size 1024 \ + --throughput 10 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config +--- +apiVersion: v1 +kind: Service +metadata: + name: charlie-console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/resources/producers/4-producers-no-tls/delta-producer-app.yaml b/resources/producers/4-producers-no-tls/delta-producer-app.yaml new file mode 100644 index 0000000..180f0ab --- /dev/null +++ b/resources/producers/4-producers-no-tls/delta-producer-app.yaml 
@@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: delta-console-producer + namespace: sandbox +spec: + serviceName: delta-console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: delta-console-producer + template: + metadata: + labels: + app: delta-console-producer + spec: + containers: + - name: delta-console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic delta-topic \ + --record-size 32 \ + --throughput 99 \ + --producer.config /mnt/kafka.properties \ + --num-records 1000000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config +--- +apiVersion: v1 +kind: Service +metadata: + name: delta-console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/resources/producers/4-producers-no-tls/generate_propery.sh b/resources/producers/4-producers-no-tls/generate_propery.sh new file mode 100755 index 0000000..00e4a7a --- /dev/null +++ b/resources/producers/4-producers-no-tls/generate_propery.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +kubectl create secret generic kafka-client-config \ +--from-file=kafka.properties=./kafka.properties \ +--dry-run=client --output=yaml > ./kafka-client-config.yaml \ No newline at end of file diff --git a/resources/producers/4-producers-no-tls/kafka-client-config.yaml b/resources/producers/4-producers-no-tls/kafka-client-config.yaml new file mode 100644 index 0000000..8e2f3e3 --- /dev/null +++ b/resources/producers/4-producers-no-tls/kafka-client-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kafka.properties: Ym9vdHN0cmFwLnNlcnZlcnM9a2Fma2E6OTA3MQoK +kind: Secret +metadata: + creationTimestamp: null + name: kafka-client-config 
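Review bot: `generate_propery.sh` renders `kafka.properties` into `kafka-client-config.yaml`, and the commit tracks both files; today the properties hold only `bootstrap.servers`, but once SASL or keystore settings are added the script will write them, base64-encoded only, into a committed Secret manifest. Generating the Secret at deploy time (for example with a kustomize `secretGenerator` reading an untracked properties file) avoids that path. At minimum the script could start with a comment like `# Output embeds everything in kafka.properties; do not commit it once that file holds credentials.`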
diff --git a/resources/producers/4-producers-no-tls/kafka.properties b/resources/producers/4-producers-no-tls/kafka.properties new file mode 100644 index 0000000..b36592d --- /dev/null +++ b/resources/producers/4-producers-no-tls/kafka.properties @@ -0,0 +1,2 @@ +bootstrap.servers=kafka:9071 + diff --git a/resources/producers/4-producers-no-tls/kustomization.yaml b/resources/producers/4-producers-no-tls/kustomization.yaml new file mode 100644 index 0000000..668e9ad --- /dev/null +++ b/resources/producers/4-producers-no-tls/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: +- source-topic.yaml +- kafka-client-config.yaml +- alpha-producer-app.yaml +- bravo-producer-app.yaml +- charlie-producer-app.yaml +- delta-producer-app.yaml diff --git a/resources/producers/4-producers-no-tls/source-topic.yaml b/resources/producers/4-producers-no-tls/source-topic.yaml new file mode 100644 index 0000000..14b4a76 --- /dev/null +++ b/resources/producers/4-producers-no-tls/source-topic.yaml @@ -0,0 +1,48 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: alpha-topic +spec: + replicas: 2 + partitionCount: 2 + kafkaRest: + endpoint: http://kafka:8090 + configs: + cleanup.policy: "delete" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: bravo-topic +spec: + replicas: 2 + partitionCount: 3 + kafkaRest: + endpoint: http://kafka:8090 + configs: + cleanup.policy: "delete" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: charlie-topic +spec: + replicas: 2 + partitionCount: 4 + kafkaRest: + endpoint: http://kafka:8090 + configs: + cleanup.policy: "delete" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: delta-topic +spec: + replicas: 2 + partitionCount: 7 + kafkaRest: + endpoint: http://kafka:8090 + configs: + cleanup.policy: "delete" \ No newline at end of file 
diff --git a/resources/producers/alpha-topic-no-tls/alpha-producer-app.yaml b/resources/producers/alpha-topic-no-tls/alpha-producer-app.yaml new file mode 100644 index 0000000..0841e12 --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/alpha-producer-app.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: alpha-console-producer + namespace: sandbox +spec: + serviceName: alpha-console-producer + podManagementPolicy: Parallel + replicas: 1 + selector: + matchLabels: + app: alpha-console-producer + template: + metadata: + labels: + app: alpha-console-producer + spec: + containers: + - name: alpha-console-producer + image: confluentinc/cp-kafka:latest + command: + - /bin/sh + - -c + - | + kafka-producer-perf-test \ + --topic alpha-topic \ + --record-size 1024 \ + --throughput -1 \ + --producer.config /mnt/kafka.properties \ + --num-records 100000000 + volumeMounts: + - name: kafka-properties + mountPath: /mnt + resources: + requests: + memory: 512Mi # 768Mi + cpu: 500m # 1000m + volumes: + - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations + secret: + secretName: kafka-client-config +--- +apiVersion: v1 +kind: Service +metadata: + name: alpha-console-producer + namespace: sandbox +spec: + clusterIP: None \ No newline at end of file diff --git a/resources/producers/alpha-topic-no-tls/generate_propery.sh b/resources/producers/alpha-topic-no-tls/generate_propery.sh new file mode 100755 index 0000000..00e4a7a --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/generate_propery.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +kubectl create secret generic kafka-client-config \ +--from-file=kafka.properties=./kafka.properties \ +--dry-run=client --output=yaml > ./kafka-client-config.yaml \ No newline at end of file 
diff --git a/resources/producers/alpha-topic-no-tls/kafka-client-config.yaml b/resources/producers/alpha-topic-no-tls/kafka-client-config.yaml new file mode 100644 index 0000000..8e2f3e3 --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/kafka-client-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kafka.properties: Ym9vdHN0cmFwLnNlcnZlcnM9a2Fma2E6OTA3MQoK +kind: Secret +metadata: + creationTimestamp: null + name: kafka-client-config diff --git a/resources/producers/alpha-topic-no-tls/kafka.properties b/resources/producers/alpha-topic-no-tls/kafka.properties new file mode 100644 index 0000000..b36592d --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/kafka.properties @@ -0,0 +1,2 @@ +bootstrap.servers=kafka:9071 + diff --git a/resources/producers/alpha-topic-no-tls/kustomization.yaml b/resources/producers/alpha-topic-no-tls/kustomization.yaml new file mode 100644 index 0000000..668e9ad --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sandbox +resources: +- source-topic.yaml +- kafka-client-config.yaml +- alpha-producer-app.yaml +- bravo-producer-app.yaml +- charlie-producer-app.yaml +- delta-producer-app.yaml diff --git a/resources/producers/alpha-topic-no-tls/source-topic.yaml b/resources/producers/alpha-topic-no-tls/source-topic.yaml new file mode 100644 index 0000000..a3000ff --- /dev/null +++ b/resources/producers/alpha-topic-no-tls/source-topic.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: alpha-topic +spec: + replicas: 2 + partitionCount: 2 + kafkaRest: + endpoint: http://kafka:8090 + configs: + cleanup.policy: "delete" diff --git a/scripts/update_helm.sh b/scripts/update_helm.sh new file mode 100755 index 0000000..e686337 --- /dev/null +++ b/scripts/update_helm.sh 
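Review bot: `alpha-topic-no-tls/kustomization.yaml` lists `bravo-producer-app.yaml`, `charlie-producer-app.yaml` and `delta-producer-app.yaml`, but the only producer manifest this commit adds to that directory is `alpha-producer-app.yaml`. The file has the same blob id (`668e9ad`) as the `4-producers-no-tls` kustomization, so it appears to have been copied unchanged. Unless those three files exist elsewhere, building this directory with kustomize will fail on the missing resources; the `resources` list should end at `- alpha-producer-app.yaml`.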
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+
+export APP_VERSION=2.3.0
+export CHART_VERSION=0.435.11
+#export APP_VERSION=2.2.1
+#export CHART_VERSION=0.304.17
+#export APP_VERSION=2.2.0
+#export CHART_VERSION=0.304.2
+#export APP_VERSION=2.1.1
+#export CHART_VERSION=0.280.22
+#export APP_VERSION=2.1.0
+#export CHART_VERSION=0.280.1
+#export APP_VERSION=2.0.4
+#export CHART_VERSION=0.174.34
+#export APP_VERSION=2.0.3
+#export CHART_VERSION=0.174.25
+#export APP_VERSION=2.0.2
+#export CHART_VERSION=0.174.21
+#export APP_VERSION=2.0.1
+#export CHART_VERSION=0.174.13
+#export APP_VERSION=2.0.0
+#export CHART_VERSION=0.174.6
+
+
+helm repo add confluentinc https://packages.confluent.io/helm
+helm repo update
+helm search repo confluent --versions
+helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --set namespaced=false --output-dir .
+mkdir -p ../base/cfk-base/$APP_VERSION/crds
+mkdir -p ../base/cfk-base/$APP_VERSION/templates
+ln -s ./$APP_VERSION ../base/cfk-base/latest
+
+mv confluent-for-kubernetes/crds/* ../base/cfk-base/$APP_VERSION/crds
+mv confluent-for-kubernetes/templates/* ../base/cfk-base/$APP_VERSION/templates
+rm -R confluent-for-kubernetes
\ No newline at end of file
diff --git a/stable/argo-cd/README.md b/stable/argo-cd/README.md
new file mode 100644
index 0000000..fb84f68
--- /dev/null
+++ b/stable/argo-cd/README.md
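Review bot: `update_helm.sh` has no error handling, so if `helm template` fails (wrong `CHART_VERSION`, network error) the later `mkdir`, `mv` and `rm -R` still run against whatever is in the current directory; `set -euo pipefail` right after the shebang stops at the first failure. `ln -s ./$APP_VERSION ../base/cfk-base/latest` fails when `latest` already exists, so after a version bump the link keeps pointing at the previous release; `ln -sfn "./$APP_VERSION" ../base/cfk-base/latest` replaces it. All paths are relative, so the script only behaves as intended when run from `scripts/`, which `cd "$(dirname "$0")"` at the top would make explicit. The rendered chart is moved into the repository without any provenance check, so reviewing the generated `crds/` and `templates/` diff on each bump is the effective control and deserves a comment saying so.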
@@ -0,0 +1,29 @@
+# ArgoCD / Sealed Secrets
+This example shows how an argoCD configuration that would allow for a GitOPS deployment for CFK.
+
+## Features
+
+| Feature | Enabled | Note |
+|:----------------|:-------:|:-------------------------|
+| Kafka/Zookeeper | ✅ | |
+| Control Center | ✅ | |
+| Connect | ❌ | |
+| Schema Registry | ❌ | |
+| KSQL | ❌ | |
+| TLS Encryption | ✅ | Self-signed certificates |
+| Authentication | ✅ | |
+| Authorization | ✅ | via LDAP |
+| ArgoCD | ✅ | |
+
+
+### NOTE: You will likely need to run the `kubectl apply -k` command twice as there is a dependency on the CRDs for ArgoCD.
+
+### Obtain initial argoCD admin secret
+```
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
+```
+
+### Access ArgoCD
+Port forward the argocd-server on port 8080 to your localhost. You can log onto the web UI with the credentials 'admin' and password acquired above.
+
+After ArgoCD gets up and running, you will start to see a cluster deployed. Pay attention to the kustomize.yaml; note how we are not actually deploying the Kafka from the YAML locally, it as actually reaching out to GIT via the ArgoCD Apps.
diff --git a/incubator/argo-cd/argo-apps/confluent-dev.yaml b/stable/argo-cd/argo-apps/confluent-dev.yaml
similarity index 100%
rename from incubator/argo-cd/argo-apps/confluent-dev.yaml
rename to stable/argo-cd/argo-apps/confluent-dev.yaml
diff --git a/incubator/argo-cd/argo-apps/confluent-prod.yaml b/stable/argo-cd/argo-apps/confluent-prod.yaml
similarity index 100%
rename from incubator/argo-cd/argo-apps/confluent-prod.yaml
rename to stable/argo-cd/argo-apps/confluent-prod.yaml
diff --git a/incubator/argo-cd/argo-apps/confluent-test.yaml b/stable/argo-cd/argo-apps/confluent-test.yaml
similarity index 100%
rename from incubator/argo-cd/argo-apps/confluent-test.yaml
rename to stable/argo-cd/argo-apps/confluent-test.yaml
diff --git a/incubator/argo-cd/argo-apps/kustomization.yaml b/stable/argo-cd/argo-apps/kustomization.yaml similarity index 90% rename from incubator/argo-cd/argo-apps/kustomization.yaml rename to stable/argo-cd/argo-apps/kustomization.yaml index 0a5af12..38ee35a 100644 --- a/incubator/argo-cd/argo-apps/kustomization.yaml +++ b/stable/argo-cd/argo-apps/kustomization.yaml @@ -4,7 +4,7 @@ namespace: argocd resources: - confluent-dev.yaml #- confluent-prod.yaml -- confluent-test.yaml +#- confluent-test.yaml - ldap.yaml - operator.yaml - operator-repo.yaml diff --git a/incubator/argo-cd/argo-apps/ldap.yaml b/stable/argo-cd/argo-apps/ldap.yaml similarity index 100% rename from incubator/argo-cd/argo-apps/ldap.yaml rename to stable/argo-cd/argo-apps/ldap.yaml diff --git a/incubator/argo-cd/argo-apps/operator-repo.yaml b/stable/argo-cd/argo-apps/operator-repo.yaml similarity index 100% rename from incubator/argo-cd/argo-apps/operator-repo.yaml rename to stable/argo-cd/argo-apps/operator-repo.yaml diff --git a/incubator/argo-cd/argo-apps/operator.yaml b/stable/argo-cd/argo-apps/operator.yaml similarity index 100% rename from incubator/argo-cd/argo-apps/operator.yaml rename to stable/argo-cd/argo-apps/operator.yaml diff --git a/incubator/argo-cd/argo-cd/argocd.yaml b/stable/argo-cd/argo-cd/argocd.yaml similarity index 100% rename from incubator/argo-cd/argo-cd/argocd.yaml rename to stable/argo-cd/argo-cd/argocd.yaml diff --git a/incubator/argo-cd/argo-cd/kustomization.yaml b/stable/argo-cd/argo-cd/kustomization.yaml similarity index 100% rename from incubator/argo-cd/argo-cd/kustomization.yaml rename to stable/argo-cd/argo-cd/kustomization.yaml diff --git a/incubator/argo-cd/environments/base/confluent/connect.yaml b/stable/argo-cd/environments/base/confluent/connect.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/connect.yaml rename to stable/argo-cd/environments/base/confluent/connect.yaml 
diff --git a/incubator/argo-cd/environments/base/confluent/control-centre.yaml b/stable/argo-cd/environments/base/confluent/control-centre.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/control-centre.yaml rename to stable/argo-cd/environments/base/confluent/control-centre.yaml diff --git a/incubator/argo-cd/environments/base/confluent/kafka.yaml b/stable/argo-cd/environments/base/confluent/kafka.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/kafka.yaml rename to stable/argo-cd/environments/base/confluent/kafka.yaml diff --git a/incubator/argo-cd/environments/base/confluent/ksqldb.yaml b/stable/argo-cd/environments/base/confluent/ksqldb.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/ksqldb.yaml rename to stable/argo-cd/environments/base/confluent/ksqldb.yaml diff --git a/incubator/argo-cd/environments/base/confluent/kustomization.yaml b/stable/argo-cd/environments/base/confluent/kustomization.yaml similarity index 100% rename from incubator/argo-cd/environments/base/confluent/kustomization.yaml rename to stable/argo-cd/environments/base/confluent/kustomization.yaml diff --git a/incubator/replicator/source/rest-class.yaml b/stable/argo-cd/environments/base/confluent/rest-class.yaml similarity index 81% rename from incubator/replicator/source/rest-class.yaml rename to stable/argo-cd/environments/base/confluent/rest-class.yaml index 56ea65d..6b27d1f 100644 --- a/incubator/replicator/source/rest-class.yaml +++ b/stable/argo-cd/environments/base/confluent/rest-class.yaml @@ -7,4 +7,4 @@ spec: authentication: type: bearer bearer: - secretRef: rest-credential \ No newline at end of file + secretRef: sealed-credential 
diff --git a/incubator/argo-cd/environments/base/confluent/restproxy.yaml b/stable/argo-cd/environments/base/confluent/restproxy.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/confluent/restproxy.yaml
rename to stable/argo-cd/environments/base/confluent/restproxy.yaml
diff --git a/incubator/argo-cd/environments/base/confluent/schema-registry.yaml b/stable/argo-cd/environments/base/confluent/schema-registry.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/confluent/schema-registry.yaml
rename to stable/argo-cd/environments/base/confluent/schema-registry.yaml
diff --git a/incubator/argo-cd/environments/base/confluent/zookeeper.yaml b/stable/argo-cd/environments/base/confluent/zookeeper.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/confluent/zookeeper.yaml
rename to stable/argo-cd/environments/base/confluent/zookeeper.yaml
diff --git a/stable/argo-cd/environments/base/kustomization.yaml b/stable/argo-cd/environments/base/kustomization.yaml
new file mode 100644
index 0000000..1b41bd0
--- /dev/null
+++ b/stable/argo-cd/environments/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - secrets
+ - confluent
+
diff --git a/stable/argo-cd/environments/base/secrets/ca-pair-sslcerts.yaml b/stable/argo-cd/environments/base/secrets/ca-pair-sslcerts.yaml
new file mode 100644
index 0000000..491e1f6
--- /dev/null
+++ b/stable/argo-cd/environments/base/secrets/ca-pair-sslcerts.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ tls.crt: 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
+ tls.key: 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
+kind: Secret
+metadata:
+ name: ca-pair-sslcerts
+type: kubernetes.io/tls
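Review bot: `ca-pair-sslcerts.yaml` adds a plain `kind: Secret` that carries `tls.key`, so the CA private key lives in Git protected only by base64 encoding, and anyone who can read the repository or its history can issue certificates the cluster components will trust. `mds-public.yaml`, added next in the same directory, has the same problem with `mdsTokenKeyPair.pem`, which by its name holds the MDS token-signing key pair. This example already ships `sealed-credential.yaml`, so both should be committed as SealedSecrets or generated at deploy time, leaving only `tls.crt` and `mdsPublicKey.pem` in the repo. The values are elided on this page, so I cannot tell whether they are throwaway demo keys; if they are, say so at the top of each file, e.g. `# demo-only key material, regenerate before any real use`.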
diff --git a/incubator/argo-cd/environments/base/secrets/kustomization.yaml b/stable/argo-cd/environments/base/secrets/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/secrets/kustomization.yaml
rename to stable/argo-cd/environments/base/secrets/kustomization.yaml
diff --git a/stable/argo-cd/environments/base/secrets/mds-public.yaml b/stable/argo-cd/environments/base/secrets/mds-public.yaml
new file mode 100644
index 0000000..a74258c
--- /dev/null
+++ b/stable/argo-cd/environments/base/secrets/mds-public.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ mdsTokenKeyPair.pem: 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
+ mdsPublicKey.pem: 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
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: mds-public
diff --git a/incubator/argo-cd/environments/base/secrets/sealed-credential-source.yaml b/stable/argo-cd/environments/base/secrets/sealed-credential-source.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/secrets/sealed-credential-source.yaml
rename to stable/argo-cd/environments/base/secrets/sealed-credential-source.yaml
diff --git a/incubator/argo-cd/environments/base/secrets/sealed-credential.yaml b/stable/argo-cd/environments/base/secrets/sealed-credential.yaml
similarity index 100%
rename from incubator/argo-cd/environments/base/secrets/sealed-credential.yaml
rename to stable/argo-cd/environments/base/secrets/sealed-credential.yaml
diff --git a/incubator/argo-cd/environments/dev/connect.yaml b/stable/argo-cd/environments/dev/connect.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/connect.yaml
rename to stable/argo-cd/environments/dev/connect.yaml
diff --git a/incubator/argo-cd/environments/dev/control-centre.yaml b/stable/argo-cd/environments/dev/control-centre.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/control-centre.yaml
rename to stable/argo-cd/environments/dev/control-centre.yaml
diff --git a/incubator/argo-cd/environments/dev/kafka.yaml b/stable/argo-cd/environments/dev/kafka.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/kafka.yaml
rename to stable/argo-cd/environments/dev/kafka.yaml
diff --git a/incubator/argo-cd/environments/dev/ksqldb.yaml b/stable/argo-cd/environments/dev/ksqldb.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/ksqldb.yaml
rename to stable/argo-cd/environments/dev/ksqldb.yaml
diff --git a/incubator/argo-cd/environments/dev/kustomization.yaml b/stable/argo-cd/environments/dev/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/kustomization.yaml
rename to stable/argo-cd/environments/dev/kustomization.yaml
diff --git a/incubator/argo-cd/environments/dev/schema-registry.yaml b/stable/argo-cd/environments/dev/schema-registry.yaml
similarity index 100%
rename from incubator/argo-cd/environments/dev/schema-registry.yaml
rename to stable/argo-cd/environments/dev/schema-registry.yaml
diff --git a/incubator/argo-cd/environments/ldap/kustomization.yaml b/stable/argo-cd/environments/ldap/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/environments/ldap/kustomization.yaml
rename to stable/argo-cd/environments/ldap/kustomization.yaml
diff --git a/incubator/argo-cd/environments/ldap/ldap.yaml b/stable/argo-cd/environments/ldap/ldap.yaml
similarity index 100%
rename from incubator/argo-cd/environments/ldap/ldap.yaml
rename to stable/argo-cd/environments/ldap/ldap.yaml
diff --git a/incubator/argo-cd/environments/prod/kustomization.yaml b/stable/argo-cd/environments/prod/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/environments/prod/kustomization.yaml
rename to stable/argo-cd/environments/prod/kustomization.yaml
diff --git a/incubator/argo-cd/environments/test/kafka.yaml b/stable/argo-cd/environments/test/kafka.yaml
similarity index 100%
rename from incubator/argo-cd/environments/test/kafka.yaml
rename to stable/argo-cd/environments/test/kafka.yaml
diff --git a/incubator/argo-cd/environments/test/kustomization.yaml b/stable/argo-cd/environments/test/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/environments/test/kustomization.yaml
rename to stable/argo-cd/environments/test/kustomization.yaml
diff --git a/incubator/argo-cd/kustomization.yaml b/stable/argo-cd/kustomization.yaml
similarity index 100%
rename from incubator/argo-cd/kustomization.yaml
rename to stable/argo-cd/kustomization.yaml
diff --git a/incubator/argo-cd/namespace.yaml b/stable/argo-cd/namespace.yaml
similarity index 100%
rename from incubator/argo-cd/namespace.yaml
rename to stable/argo-cd/namespace.yaml
diff --git a/stable/base-no-auth/README.md b/stable/base-no-auth/README.md
index ffb85d0..6c86be0 100644
--- a/stable/base-no-auth/README.md
+++ b/stable/base-no-auth/README.md
@@ -1,12 +1,14 @@ # Basic Deployment -This example deploys a basic deployment. No RBAC/LDAP. Just a single topic 'foobar' is added as part of the pipeline. -### Deploy CRDs -Deploy the CRDS using the standard way: -```shell -kubectl apply -k ../../base/crds -``` -### Deploy Confluent Operator and Confluent Services -Deploy the confluent operator and services: -```shell -kubectl apply -k . -``` \ No newline at end of file +A bare minimum deployment + +## Features + +| Feature | Enabled | Note | +|:----------------|:-------:|-------:| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ❌ | | +| Authentication | ❌ | | diff --git a/stable/base-no-auth/kustomization.yaml b/stable/base-no-auth/kustomization.yaml index f7d60dd..53ff566 100644 --- a/stable/base-no-auth/kustomization.yaml +++ b/stable/base-no-auth/kustomization.yaml @@ -3,8 +3,6 @@ kind: Kustomization namespace: sandbox resources: - namespace.yaml -- ../../base/operator -- ../../base/cfk-components/confluent-no-auth - +- ../../base/cfk-components/confluent-no-auth-tls diff --git a/stable/base-rbac/README.md b/stable/base-rbac/README.md index 857244a..45a84fc 100644 --- a/stable/base-rbac/README.md +++ b/stable/base-rbac/README.md @@ -1 +1,15 @@ -# Best practice secure production setup +# Basic RBAC Deployment +A minimum deployment using TLS encryption. a LDAP container is also deployed which provides authorization. + +## Features + +| Feature | Enabled | Note | +|:-----------------|:-------:|:-------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | | +| Authorization | ✅ | via LDAP | diff --git a/stable/base-rbac/kustomization.yaml b/stable/base-rbac/kustomization.yaml index 23f58b9..a6e7b12 100644 --- a/stable/base-rbac/kustomization.yaml 
+++ b/stable/base-rbac/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization namespace: sandbox resources: - namespace.yaml -- ../../base/operator - ../../base/cfk-components/confluent-rbac #- ../../base/cfk-components/confluent-rbac/connect #- ../../base/cfk-components/confluent-rbac/ksqldb diff --git a/stable/cp-cc-cluster-linking/README.md b/stable/cp-cc-cluster-linking/README.md index d19d00e..854346d 100644 --- a/stable/cp-cc-cluster-linking/README.md +++ b/stable/cp-cc-cluster-linking/README.md @@ -1,4 +1,22 @@ -# Cluster Linking +# Cluster Linking (Confluent Platform -> Confluent Cloud) +An example which shows how to cluster link a topic from local to Confluent Cloud. + +## Features + +| Feature | Enabled | Note | +|:----------------|:-------:|:--------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | | +| Authorization | ✅ | via LDAP | +| Cluster Linking | ✅ | Cluster link to Confluent Cloud | + + + ## Prerequesites - Variable Gathering ### ConfluentCLI https://docs.confluent.io/ccloud-cli/current/install.html 
@@ -33,18 +51,13 @@ Save these values, they will referred to later as `CC_API_KEY`, and `CC_API_SECR In the file ./linking-script/link-provision update the pod variables stored at spec.containers.env. with the variables we made note of above. ## Deployment -From the present directory: -* Apply our CRDs - * kubectl apply -k ../../base/crds -* Deploy out components: - * kubectl apply -k . - -Whilst our cluster is coming up, our cluster-link-provision pod will be running the necessary command line operations required to setup the link between Confluent Platform and Confluent Cloud. +Proceed with deployment as described in `./GETTING_STARTED.md`. Whilst our cluster is coming up, our cluster-link-provision pod will be running the necessary command line operations required to setup the link between Confluent Platform and Confluent Cloud. After the CP cluster becomes available, you should see successful connection messages in the 'cluster-link-provision' logs that indicate links have been configured: ``` -Cluster link 'oso-link' creation successfully completed. │ Cluster link 'oso-link' creation successfully completed. +Cluster link 'oso-link' creation successfully completed. +Cluster link 'oso-link' creation successfully completed. ``` diff --git a/stable/cp-cc-cluster-linking/kustomization.yaml b/stable/cp-cc-cluster-linking/kustomization.yaml index 22a3151..ced0e56 100644 --- a/stable/cp-cc-cluster-linking/kustomization.yaml +++ b/stable/cp-cc-cluster-linking/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: destination resources: - - ../../base/operator - ../../base/cfk-components/confluent-rbac - ../../resources/producers/1-producer-tls - namespace.yaml diff --git a/stable/cp-cp-cluster-linking/README.md b/stable/cp-cp-cluster-linking/README.md index 3ec7012..db0dc2b 100644 --- a/stable/cp-cp-cluster-linking/README.md +++ b/stable/cp-cp-cluster-linking/README.md 
@@ -1,9 +1,17 @@ +# Cluster Linking (Confluent Platform -> Confluent Platform) +This example deploys a multi-tenant solution that exhibits how to perform Confluent Platform to Confluent Platform clusterlinking +## Features - -docker run confluentinc/confluent-cli -- - -docker login --url https://kafka.destination.svc.cluster.local - - -bash-5.1# confluent cluster register --cluster-name kakfa --kafka-cluster-id uMF-aOdiRgGu6cHRLP0P1g --hosts kakfa:9071 --protocol SASL_SSL \ No newline at end of file +| Feature | Enabled | Note | +|:----------------|:-------:|:----------------------------------------------------------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP and mTLS (inter-component) | +| Multi-tenant | ✅ | Production and Failover environments running on same cluster | +| Cluster Linking | ✅ | Cluster link occurring on oso-clusterlink-demo topic from production to failover. | diff --git a/stable/cp-cp-cluster-linking/environments/base/confluent/kafka.yaml b/stable/cp-cp-cluster-linking/environments/base/confluent/kafka.yaml index 244b02f..97a97f5 100644 --- a/stable/cp-cp-cluster-linking/environments/base/confluent/kafka.yaml +++ b/stable/cp-cp-cluster-linking/environments/base/confluent/kafka.yaml @@ -41,6 +41,15 @@ spec: secretRef: sealed-credential tls: enabled: true + custom: + - name: monitoring + authentication: + type: plain + jaasConfigPassThrough: + secretRef: sealed-credential + port: 9093 + tls: + enabled: true authorization: type: rbac superUsers: diff --git a/stable/cp-cp-cluster-linking/environments/base/confluent/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/base/confluent/kustomization.yaml index 59c414c..4b9531f 100644 --- a/stable/cp-cp-cluster-linking/environments/base/confluent/kustomization.yaml 
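Review bot: The new `monitoring` listener under `custom:` in `environments/base/confluent/kafka.yaml` points `jaasConfigPassThrough` at the same `sealed-credential` secret as the listener in the context lines just above it, so whatever scrapes port 9093 authenticates with the same SASL/PLAIN accounts as ordinary clients (and, if that secret also holds the broker or super-user login, with those). A dedicated secret for this listener, for example `secretRef: monitoring-credential` (an illustrative name) holding a single read-only principal, would let the monitoring credential be rotated and authorized separately. The enclosing `spec.listeners` block starts outside the hunk, so I cannot see how the other listeners are configured.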
+++ b/stable/cp-cp-cluster-linking/environments/base/confluent/kustomization.yaml @@ -5,8 +5,8 @@ resources: - kafka.yaml - control-centre.yaml - rest-class.yaml - - connect.yaml - - restproxy.yaml - - schema-registry.yaml - - ksqldb.yaml +# - connect.yaml +# - restproxy.yaml +# - schema-registry.yaml +# - ksqldb.yaml diff --git a/stable/cp-cp-cluster-linking/environments/failover/kafka.yaml b/stable/cp-cp-cluster-linking/environments/failover/kafka.yaml index ac4a564..03e1459 100644 --- a/stable/cp-cp-cluster-linking/environments/failover/kafka.yaml +++ b/stable/cp-cp-cluster-linking/environments/failover/kafka.yaml @@ -16,17 +16,3 @@ spec: - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT - listeners: - external: - externalAccess: - type: loadBalancer - loadBalancer: - bootstrapPrefix: andrew-kafka - brokerPrefix: andrew-kafka - domain: ramona - authentication: - type: plain - jaasConfigPassThrough: - secretRef: sealed-credential - tls: - enabled: true \ No newline at end of file diff --git a/stable/grafana-prometheus/prometheus/node-exporter/serviceaccount.yaml b/stable/cp-cp-cluster-linking/environments/failover/serviceaccount.yaml similarity index 58% rename from stable/grafana-prometheus/prometheus/node-exporter/serviceaccount.yaml rename to stable/cp-cp-cluster-linking/environments/failover/serviceaccount.yaml index 3ce4c66..964db41 100644 --- a/stable/grafana-prometheus/prometheus/node-exporter/serviceaccount.yaml +++ b/stable/cp-cp-cluster-linking/environments/failover/serviceaccount.yaml 
@@ -1,15 +1,14 @@ --- -# Source: prometheus/templates/node-exporter/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: - component: "node-exporter" + component: "server" app: prometheus release: oso chart: prometheus-14.6.0 heritage: Helm - name: oso-prometheus-node-exporter + name: oso-prometheus-server namespace: default annotations: {} diff --git a/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/generate_propery.sh b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/generate_propery.sh new file mode 100755 index 0000000..00e4a7a --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/generate_propery.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +kubectl create secret generic kafka-client-config \ +--from-file=kafka.properties=./kafka.properties \ +--dry-run=client --output=yaml > ./kafka-client-config.yaml \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka-client-config.yaml b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka-client-config.yaml new file mode 100644 index 0000000..8f1add0 --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka-client-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kafka.properties: Ym9vdHN0cmFwLnNlcnZlcnM9a2Fma2E6OTA5MgpzYXNsLmphYXMuY29uZmlnPW9yZy5hcGFjaGUua2Fma2EuY29tbW9uLnNlY3VyaXR5LnBsYWluLlBsYWluTG9naW5Nb2R1bGUgcmVxdWlyZWQgdXNlcm5hbWU9a2Fma2EgcGFzc3dvcmQ9a2Fma2Etc2VjcmV0OwpzYXNsLm1lY2hhbmlzbT1QTEFJTgpzZWN1cml0eS5wcm90b2NvbD1TQVNMX1NTTApzc2wudHJ1c3RzdG9yZS5sb2NhdGlvbj0vbW50L3NzbGNlcnRzL3RydXN0c3RvcmUuamtzCnNzbC50cnVzdHN0b3JlLnBhc3N3b3JkPW15c3RvcmVwYXNzd29yZA== +kind: Secret +metadata: + creationTimestamp: null + name: kafka-client-config 
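Review bot: The base64 value of `kafka.properties` in `1-producer-tls/kafka-client-config.yaml` decodes to the client config added as plain text in the next file, including `username=kafka password=kafka-secret` and `ssl.truststore.password=mystorepassword`, so a working SASL login is committed under `environments/production` twice, once encoded and once in the clear. `generate_propery.sh` makes this the normal workflow by writing the `--dry-run=client` output straight into the tree. I would keep `kafka.properties` untracked, create the Secret at deploy time or seal it like `sealed-credential`, and give the perf-test producer its own principal limited to `oso-clusterlink-demo` instead of the `kafka` user.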
diff --git a/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka.properties b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka.properties
new file mode 100644
index 0000000..60e45cc
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kafka.properties
@@ -0,0 +1,6 @@
+bootstrap.servers=kafka:9092
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username=kafka password=kafka-secret;
+sasl.mechanism=PLAIN
+security.protocol=SASL_SSL
+ssl.truststore.location=/mnt/sslcerts/truststore.jks
+ssl.truststore.password=mystorepassword
\ No newline at end of file
diff --git a/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kustomization.yaml
new file mode 100644
index 0000000..7123b87
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: sandbox
+resources:
+- kafka-client-config.yaml
+- producer-app.yaml
diff --git a/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/producer-app.yaml b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/producer-app.yaml
new file mode 100644
index 0000000..5085a52
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/1-producer-tls/producer-app.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: console-producer
+ namespace: sandbox
+spec:
+ serviceName: console-producer
+ podManagementPolicy: Parallel
+ replicas: 1
+ selector:
+ matchLabels:
+ app: console-producer
+ template:
+ metadata:
+ labels:
+ app: console-producer
+ spec:
+ containers:
+ - name: console-producer
+ image: confluentinc/cp-kafka:latest
+ command:
+ - /bin/sh
+ - -c
+ - |
+ kafka-producer-perf-test \
+ --topic oso-clusterlink-demo \
+ --record-size 1024 \
+ --throughput 3000 \
+ --producer.config /mnt/kafka.properties \
+ --num-records 10000
+ volumeMounts:
+ - name: kafka-properties
+ mountPath: /mnt
+ - name: kafka-ssl-autogenerated
+ mountPath: /mnt/sslcerts
+ resources:
+ requests:
+ memory: 512Mi # 768Mi
+ cpu: 500m # 1000m
+ volumes:
+ - name: kafka-properties # Create secret with name `kafka-client-config` with client configurations
+ secret:
+ secretName: kafka-client-config
+ - name: kafka-ssl-autogenerated
+ secret:
+ secretName: kafka-generated-jks
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: console-producer
+ namespace: sandbox
+spec:
+ clusterIP: None
\ No newline at end of file
diff --git a/stable/cp-cp-cluster-linking/environments/production/kafka.yaml b/stable/cp-cp-cluster-linking/environments/production/kafka.yaml
index ac4a564..03e1459 100644
--- a/stable/cp-cp-cluster-linking/environments/production/kafka.yaml
+++ b/stable/cp-cp-cluster-linking/environments/production/kafka.yaml
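Review bot: `image: confluentinc/cp-kafka:latest` in the `console-producer` StatefulSet is a mutable tag, so any pod restart can pull a different, unreviewed image that then gets `kafka-client-config` and `kafka-generated-jks` mounted into it. Pin it to the platform version the rest of the example deploys, ideally by digest, e.g. `image: confluentinc/cp-kafka:<CP_VERSION>@sha256:<DIGEST>` (placeholders to fill in). The container also sets no `securityContext` and only `resources.requests`; adding `allowPrivilegeEscalation: false` and a memory limit is cheap for a perf-test pod.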
@@ -16,17 +16,3 @@ spec: - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT - listeners: - external: - externalAccess: - type: loadBalancer - loadBalancer: - bootstrapPrefix: andrew-kafka - brokerPrefix: andrew-kafka - domain: ramona - authentication: - type: plain - jaasConfigPassThrough: - secretRef: sealed-credential - tls: - enabled: true \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/kustomization.yaml index 9bef007..fad5932 100644 --- a/stable/cp-cp-cluster-linking/environments/production/kustomization.yaml +++ b/stable/cp-cp-cluster-linking/environments/production/kustomization.yaml @@ -6,5 +6,7 @@ resources: - ../base - cluster-link-rest-class.yaml - demo-topic.yaml + - serviceaccount.yaml + - 1-producer-tls patchesStrategicMerge: - kafka.yaml \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/configmap.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/configmap.yaml new file mode 100644 index 0000000..7752041 --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/configmap.yaml 
@@ -0,0 +1,24 @@
+---
+# Source: grafana/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oso-grafana-envvars
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+data:
+ GF_SECURITY_ADMIN_USER: "admin"
+ GF_INSTALL_PLUGINS: ""
+ GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
+ GF_AUTH_LDAP_ENABLED: "false"
+ GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
+ GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
+ GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
+ GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
+ GF_PATHS_DATA: "/opt/bitnami/grafana/data"
+ GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboard-config.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboard-config.yaml
new file mode 100644
index 0000000..8cc2884
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboard-config.yaml
@@ -0,0 +1,24 @@
+---
+# Source: prometheus/templates/server/cm.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ component: "server"
+ app: grafna
+ release: oso
+ name: oso-grafana-server-dashboard-config
+data:
+ config.yaml: |
+ apiVersion: 1
+ providers:
+ - name: 'oso-provider'
+ orgId: 1
+ folder: 'confluent-examples'
+ type: file
+ disableDeletion: true
+ updateIntervalSeconds: 10
+ allowUiUpdates: true
+ options:
+ path: /opt/bitnami/grafana/conf/provisioning/dashboard-source
+ foldersFromFilesStructure: true
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards.yaml
new file mode 100644
index 0000000..a8d2c4a
--- /dev/null
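Review bot: `dashboard-config.yaml` labels the ConfigMap `app: grafna`, which will not match anything that selects on `app: grafana`; the same spelling appears in the `dashboards.yaml` ConfigMap added right after it. The header `# Source: prometheus/templates/server/cm.yaml` also looks carried over from the Prometheus chart and no longer describes this file. I would change the label to `app: grafana` in both files and replace the header with a comment that says what the ConfigMap is for, e.g. `# Grafana dashboard provider: loads JSON dashboards from the dashboard-source mount`.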
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards.yaml 
@@ -0,0 +1,663 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-dashboards +data: + confluent-platform.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": 
"individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": 
false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + 
"nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + 
}, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 + } \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/confluent-platform.json b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/confluent-platform.json new file mode 100644 index 0000000..c4cbbe1 
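Review bot: The JSON inlined under `confluent-platform.json: |` in dashboards.yaml appears to be the same dashboard this commit also adds as `dashboards/confluent-platform.json` (same title, same uid `nfUWQVH7k`, 651 lines), so the repository now holds two copies that will drift apart. Since the examples are applied with kustomize, the ConfigMap could be generated from the file instead, e.g. `configMapGenerator: [{name: oso-grafana-server-dashboards, files: [dashboards/confluent-platform.json]}]`, keeping in mind that the generator appends a name hash unless that is disabled. The embedded document also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while touching it.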
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/confluent-platform.json
@@ -0,0 +1,651 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Kafka resource usage and throughput", + "editable": true, + "gnetId": 7589, + "graphTooltip": 0, + "id": 2, + "iteration": 1632223576629, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "max", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kafka_topic_partition_current_offset{instance=\"$instance\", topic=~\"$topic\"}[1m])) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per second", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 0 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kafka_consumergroup_lag{instance=\"$instance\",topic=~\"$topic\"}) by (consumergroup, topic) ", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lag by Consumer Group", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 10 + }, + "hiddenSeries": false, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_topic_partition_current_offset{instance=~'$instance', topic=~\"$topic\"}[5m])/5) by (topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message in per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 10 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 480, + "sort": "current", + "sortDesc": true, + "total": false, 
+ "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(delta(kafka_consumergroup_current_offset{instance=~'$instance',topic=~\"$topic\"}[5m])/5) by (consumergroup, topic)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{consumergroup}} (topic: {{topic}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Message consume per minute", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 20, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 420, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "8.1.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum by(topic) (kafka_topic_partitions{instance=\"$instance\",topic=~\"$topic\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{topic}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Partitions per Topic", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "Kafka" + ], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "kafka-exporter", + "value": "kafka-exporter" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Job", + "multi": false, + "name": "job", + "options": [], + "query": { + "query": "label_values(kafka_consumergroup_current_offset, job)", + "refId": "prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "oso-prometheus-kafka-exporter:9308", + "value": "oso-prometheus-kafka-exporter:9308" + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": 
"label_values(kafka_consumergroup_current_offset{job=~\"$job\"}, instance)", + "refId": "prometheus-instance-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "selected": true, + "text": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ], + "value": [ + "alpha-topic", + "bravo-topic", + "charlie-topic", + "delta-topic" + ] + }, + "datasource": "prometheus", + "definition": "", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Topic", + "multi": true, + "name": "topic", + "options": [], + "query": { + "query": "label_values(kafka_topic_partition_current_offset{instance='$instance',topic!='__consumer_offsets',topic!='--kafka'}, topic)", + "refId": "prometheus-topic-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Kafka Exporter Overview", + "uid": "nfUWQVH7k", + "version": 1 +} \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/kafak-lag-exporter.json b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/kafak-lag-exporter.json new file mode 100644 index 0000000..f81904d --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/dashboards/kafak-lag-exporter.json 
@@ -0,0 +1,1038 @@ +{ + "__inputs": [ + { + "name": "prometheus", + "label": "Instance", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.3.4" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "5.0.0" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "iteration": 1556312150750, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 28, + "panels": [], + "repeat": null, + "title": "All Consumer Group Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max extrapolated lag in seconds for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 102, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], 
+ "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Extrapolated lag in seconds for each partition.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 103, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Seconds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, 
+ "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Max offset lag for each consumer group.", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 98, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(50, kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Max Lag Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "Consumer Group Lag Partition Offsets", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, 
+ "x": 12, + "y": 11 + }, + "id": 82, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "topk(25, kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{group}},{{topic}},{{partition}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Consumer Group Lag Partition Offsets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offsets_2", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 149, + "panels": [], + "title": "Consumer Group Lag In Time Per Group Over Offset Lag", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + "fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 22 + }, + "id": 147, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", 
+ "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Consumer group lag in offsets", + "color": "#cca300", + "linewidth": 2, + "yaxis": 2 + }, + { + "alias": "Consumer group lag in time", + "color": "rgb(255, 0, 0)", + "linewidth": 2, + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "kafka_consumergroup_group_max_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "kafka_consumergroup_group_max_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in offsets", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "lag in offsets", + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 106, + "panels": [], + "title": "Consumer Group Lag in Time Per Group Over Summed Offsets", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "description": "", + 
"fill": 0, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 31 + }, + "id": 107, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "minSpan": 8, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "consumer_group", + "repeatDirection": "h", + "seriesOverrides": [ + { + "alias": "Sum of group offsets", + "yaxis": 2 + }, + { + "alias": "Sum of latest offsets", + "yaxis": 2 + }, + { + "alias": "/Consumer group.*/", + "color": "rgb(255, 0, 0)", + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kafka_consumergroup_group_lag_seconds{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"}) by (group)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Consumer group lag in time", + "refId": "A" + }, + { + "expr": "sum(kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"})", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "Sum of group offsets", + "refId": "B" + }, + { + "expr": "sum((kafka_consumergroup_group_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\",group=~\"$consumer_group\"} * 0)\n+ on(namespace,cluster_name,topic,partition) group_left() kafka_partition_latest_offset{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Sum of latest offsets", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "$consumer_group", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + 
"name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": "estimated lag in seconds", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "offset", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 101, + "panels": [], + "title": "Kafka Lag Exporter JVM Metrics", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 40 + }, + "id": 99, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_memory_bytes_used{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM Memory Used", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + 
"aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 40 + }, + "id": 95, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_sum{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "prometheus", + "fill": 1, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 40 + }, + "id": 97, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum(rate(jvm_gc_collection_seconds_count{app_kubernetes_io_instance=\"kafka-lag-exporter\"}[5m])) by (kubernetes_pod_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{kubernetes_pod_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "JVM GC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5m", + "schemaVersion": 16, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag)", + "refresh": 1, + "regex": "/.*namespace=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "prometheus", + "hide": 0, + "includeAll": false, + "label": "Cluster Name", + "multi": false, + "name": "cluster_name", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\"})", + "refresh": 1, + "regex": "/.*cluster_name=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": {}, + "datasource": "prometheus", + "hide": 0, + 
"includeAll": true, + "label": "Consumer Group", + "multi": true, + "name": "consumer_group", + "options": [], + "query": "query_result(kafka_consumergroup_group_lag{namespace=\"$namespace\",cluster_name=\"$cluster_name\"})", + "refresh": 1, + "regex": "/.*group=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kafka Lag Exporter", + "uid": "8LW1Yd8ik", + "version": 14 +} \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/datasources.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/datasources.yaml new file mode 100644 index 0000000..b5b843d --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/datasources.yaml @@ -0,0 +1,22 @@ +--- +# Source: prometheus/templates/server/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + component: "server" + app: grafna + release: oso + name: oso-grafana-server-datasources +data: + prometheus.yml: | + apiVersion: 1 + datasources: + - access: 'proxy' + editable: true + is_default: true + name: 'prometheus' + org_id: 1 + type: 'prometheus' + url: 'http://oso-prometheus-server:80' + version: 1 \ No newline at end of file diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/deployment.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/deployment.yaml new file mode 100644 index 0000000..d4dc9db --- /dev/null +++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/deployment.yaml 
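Review bot: `editable: true` in `grafana/datasources.yaml` lets anyone with datasource edit rights in the Grafana UI repoint the provisioned `prometheus` datasource, which is unusual under `environments/production`; `editable: false` keeps the provisioned definition authoritative. The keys `is_default` and `org_id` look like the legacy snake_case spelling. As far as I can tell, with `apiVersion: 1` Grafana's provisioning format expects `isDefault` and `orgId`, so both settings are probably ignored as written; worth confirming against the deployed Grafana 8.1.2. The header comment `# Source: prometheus/templates/server/cm.yaml` and the label `app: grafna` also look like copy and typo leftovers.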
@@ -0,0 +1,118 @@
+---
+# Source: grafana/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+ annotations:
+ checksum/secret: 071b561f1f90acdf28cf77c354e8db5aa60fe52dc656c5f175e72a7aed28abe5
+ checksum/config: ca8b427900a3dcdd9888348a7e0abc43422f5e557b57164c9464a5b5c0e0e957
+ checksum/dashboard-provider: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+ spec:
+ serviceAccountName: oso-grafana
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
+ namespaces:
+ - "default"
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+
+ securityContext:
+ runAsUser: 1001
+ fsGroup: 1001
+ runAsNonRoot: true
+ containers:
+ - name: grafana
+ image: docker.io/bitnami/grafana:8.1.2-debian-10-r6
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: oso-grafana-envvars
+ env:
+ - name: GF_INSTALL_PLUGINS
+ value: "grafana-piechart-panel"
+ - name: GF_SECURITY_ADMIN_USER
+ value: "admin"
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ value: "password"
+ - name: GF_USERS_ALLOW_SIGN_UP
+ value: "false"
+ volumeMounts:
+ - name: data
+ mountPath: /opt/bitnami/grafana/data
+ - name: data-sources
+ mountPath: /opt/bitnami/grafana/conf/provisioning/datasources
+ - name: dashboard-config
+ mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards
+ - name: dashboards
+ mountPath: /opt/bitnami/grafana/conf/provisioning/dashboard-source
+ ports:
+ - name: dashboard
+ containerPort: 3000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: dashboard
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: dashboard
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ limits: {}
+ requests: {}
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: oso-grafana
+ - name: data-sources
+ configMap:
+ name: oso-grafana-server-datasources
+ - name: dashboards
+ configMap:
+ name: oso-grafana-server-dashboards
+ - name: dashboard-config
+ configMap:
+ name: oso-grafana-server-dashboard-config
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/kustomization.yaml
new file mode 100644
index 0000000..7835ca3
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configmap.yaml
+- datasources.yaml
+#- dashboards.yaml
+- dashboard-config.yaml
+- deployment.yaml
+- pvc.yaml
+- secret.yaml
+- service.yaml
+- serviceaccount.yaml
+
+configMapGenerator:
+ - name: oso-grafana-server-dashboards
+ files:
+ - dashboards/confluent-platform.json
+ - dashboards/kafak-lag-exporter.json
+
+generatorOptions:
+ disableNameSuffixHash: true
+ labels:
+ component: "server"
+ app: grafna
+ release: oso
\ No newline at end of file
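Review bot: The `env` entry `GF_SECURITY_ADMIN_PASSWORD` in `grafana/deployment.yaml` is the literal `"password"` next to `GF_SECURITY_ADMIN_USER` `"admin"`, so the admin login is a well-known default and is readable by anyone who can view the Deployment or the repository. The same change adds a Secret named `oso-grafana-admin` that carries this key, but nothing in the pod spec references it; reading the value from that Secret removes the literal from the manifest. `resources.limits` and `resources.requests` are also empty and there is no container-level `securityContext` (for example `allowPrivilegeEscalation: false`), which a production overlay would normally set.

```yaml
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: oso-grafana-admin
                  key: GF_SECURITY_ADMIN_PASSWORD
```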
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/pvc.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/pvc.yaml
new file mode 100644
index 0000000..9a0f348
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/pvc.yaml
@@ -0,0 +1,19 @@
+---
+# Source: grafana/templates/pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "10Gi"
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/secret.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/secret.yaml
new file mode 100644
index 0000000..7734e43
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/secret.yaml
@@ -0,0 +1,16 @@
+---
+# Source: grafana/templates/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oso-grafana-admin
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+type: Opaque
+data:
+ GF_SECURITY_ADMIN_PASSWORD: "T2gwaGk1a3NNcA=="
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/service.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/service.yaml
new file mode 100644
index 0000000..b7e327e
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/service.yaml
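Review bot: The `data` value for `GF_SECURITY_ADMIN_PASSWORD` in `grafana/secret.yaml` is committed to the repository and is only base64-encoded, so every reader of the repo and its history can recover the Grafana admin password. For a path named `environments/production` the Secret is better created outside version control, for example with a kustomize `secretGenerator` reading an untracked env file or with a sealed or external secret, and the source file listed in `.gitignore`. If this value was ever used on a real deployment it should be rotated, because deleting it from the file does not remove it from history. The Deployment added in the same change does not read this Secret (it sets the password as a literal), so the two values can also drift apart.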
@@ -0,0 +1,25 @@
+---
+# Source: grafana/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/component: grafana
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: dashboard
+ protocol: TCP
+ name: http
+ nodePort: null
+ selector:
+ app.kubernetes.io/name: grafana
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/component: grafana
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/serviceaccount.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/serviceaccount.yaml
new file mode 100644
index 0000000..31d011f
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/grafana/serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+# Source: grafana/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: oso-grafana
+ namespace: default
+ labels:
+ app.kubernetes.io/name: grafana
+ helm.sh/chart: grafana-6.1.11
+ app.kubernetes.io/instance: oso
+ app.kubernetes.io/managed-by: Helm
+secrets:
+ - name: oso-grafana-admin
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/kustomization.yaml
new file mode 100644
index 0000000..8a4dd9f
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+resources:
+ - grafana
+ - prometheus
+
+
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/deploy.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/deploy.yaml
new file mode 100644
index 0000000..8f178a8
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/deploy.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka-exporter
+spec:
+ selector:
+ matchLabels:
+ app: kafka-exporter
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: "server"
+ app: kafka-exporter
+ spec:
+ enableServiceLinks: true
+ serviceAccountName: oso-prometheus-server
+ containers:
+ - name: kafka-exporter
+ image: "danielqsj/kafka-exporter:latest"
+ imagePullPolicy: Always
+ args:
+ - --kafka.server=kafka:9092
+ - --sasl.enabled
+ - --sasl.mechanism=plain
+ - --sasl.username=kafka
+ - --sasl.password=kafka-secret
+ - --tls.enabled
+ - --tls.insecure-skip-tls-verify
+ - --verbosity=10
+ ports:
+ - name: "kexporter"
+ containerPort: 9308
+ protocol: TCP
\ No newline at end of file
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/kustomization.yaml
new file mode 100644
index 0000000..bc51436
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- deploy.yaml
+- service.yaml
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/service.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/service.yaml
new file mode 100644
index 0000000..52a9184
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kafka-exporter/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-exporter
+ labels:
+ service: kafka-exporter-service
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9308
+ name: "kexporter"
+ targetPort: 9308
+ protocol: TCP
+ selector:
+ app: kafka-exporter
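Review bot: `--tls.insecure-skip-tls-verify` in `kafka-exporter/deploy.yaml` turns off broker certificate verification, so the exporter will hand its SASL/PLAIN credentials to whatever answers as `kafka:9092`; mounting the cluster CA and passing it with `--tls.ca-file` keeps the TLS session meaningful. `--sasl.password=kafka-secret` puts the broker password in the pod spec and in the process arguments; Kubernetes expands `$(VAR)` inside `args`, so the value can come from a Secret-backed env var instead. The image is `danielqsj/kafka-exporter:latest` with `imagePullPolicy: Always`, so each restart may run different code; pin a released tag or digest. `--verbosity=10` and the reuse of the `oso-prometheus-server` service account are also worth a second look for a production overlay.

```yaml
        - name: kafka-exporter
          image: "danielqsj/kafka-exporter:<pinned-tag-or-digest>"   # placeholder: pin a released version
          env:
            - name: SASL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: <exporter-credentials-secret>   # placeholder
                  key: <password-key>                   # placeholder
          args:
            # … unchanged: kafka.server, sasl.enabled, sasl.mechanism, sasl.username …
            - --sasl.password=$(SASL_PASSWORD)
            - --tls.enabled
            - --tls.ca-file=<path-to-mounted-ca.pem>    # placeholder; replaces --tls.insecure-skip-tls-verify
```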
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kustomization.yaml
new file mode 100644
index 0000000..cf470cd
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- server
+- kafka-exporter
+#- node-exporter
+
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/cm.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/cm.yaml
new file mode 100644
index 0000000..47fff76
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/cm.yaml
@@ -0,0 +1,66 @@
+---
+# Source: prometheus/templates/server/cm.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+data:
+ alerting_rules.yml: |
+ {}
+ alerts: |
+ {}
+ prometheus.yml: |
+ global:
+ evaluation_interval: 1m
+ scrape_interval: 1m
+ scrape_timeout: 10s
+ rule_files:
+ - /etc/config/recording_rules.yml
+ - /etc/config/alerting_rules.yml
+ - /etc/config/rules
+ - /etc/config/alerts
+ scrape_configs:
+ - job_name: "prometheus"
+ static_configs:
+ - targets: ["localhost:9090"]
+ - job_name: "zookeeper"
+ static_configs:
+ - targets: [
+ "zookeeper:7778"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ - job_name: "kafka-broker"
+ static_configs:
+ - targets: [
+ "kafka:7778"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ - job_name: "kafka-exporter"
+ static_configs:
+ - targets: [
+ "kafka-exporter:9308"
+ ]
+ relabel_configs:
+ - source_labels: [__address__]
+ target_label: hostname
+ regex: '([^:]+)(:[0-9]+)?'
+ replacement: '${1}'
+ recording_rules.yml: |
+ {}
+ rules: |
+ {}
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/deploy.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/deploy.yaml
new file mode 100644
index 0000000..a93fb42
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/deploy.yaml
@@ -0,0 +1,98 @@
+---
+# Source: prometheus/templates/server/deploy.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ component: "server"
+ app: prometheus
+ release: oso
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ spec:
+ enableServiceLinks: true
+ serviceAccountName: oso-prometheus-server
+ containers:
+ - name: prometheus-server-configmap-reload
+ image: "jimmidyson/configmap-reload:v0.5.0"
+ imagePullPolicy: "IfNotPresent"
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://127.0.0.1:9090/-/reload
+ resources:
+ {}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: prometheus-server
+ image: "quay.io/prometheus/prometheus:v2.26.0"
+ imagePullPolicy: "IfNotPresent"
+ args:
+ - --storage.tsdb.retention.time=15d
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path=/data
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ ports:
+ - containerPort: 9090
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: 9090
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ timeoutSeconds: 4
+ failureThreshold: 3
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: 9090
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+ resources:
+ {}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ - name: storage-volume
+ mountPath: /data
+ subPath: ""
+ hostNetwork: false
+ dnsPolicy: ClusterFirst
+ securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ terminationGracePeriodSeconds: 300
+ volumes:
+ - name: config-volume
+ configMap:
+ name: oso-prometheus-server
+ - name: storage-volume
+ persistentVolumeClaim:
+ claimName: oso-prometheus-server
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/kustomization.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/kustomization.yaml
new file mode 100644
index 0000000..f54486d
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- cm.yaml
+- deploy.yaml
+- pvc.yaml
+- service.yaml
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/pvc.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/pvc.yaml
new file mode 100644
index 0000000..e067b55
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/pvc.yaml
@@ -0,0 +1,19 @@
+---
+# Source: prometheus/templates/server/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "8Gi"
diff --git a/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/service.yaml b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/service.yaml
new file mode 100644
index 0000000..7fe17b5
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/monitoring/prometheus/server/service.yaml
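Review bot: `--web.enable-lifecycle` in `prometheus/server/deploy.yaml` exposes `/-/reload` and `/-/quit` without authentication on port 9090, and the Service added in this change publishes that port inside the cluster on port 80, so any pod that can reach `oso-prometheus-server` can shut the server down. The flag is needed by the `configmap-reload` sidecar, which calls `http://127.0.0.1:9090/-/reload`, so the mitigation is a NetworkPolicy limiting ingress to Grafana rather than dropping the flag; no such policy is visible in this diff. A comment above the flag such as `# required by configmap-reload sidecar; lifecycle endpoints are unauthenticated, restrict ingress` would record the dependency. Both containers also have `resources: {}` and no container-level `securityContext`.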
@@ -0,0 +1,25 @@
+---
+# Source: prometheus/templates/server/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 9090
+ selector:
+ component: "server"
+ app: prometheus
+ release: oso
+ sessionAffinity: None
+ type: "ClusterIP"
diff --git a/stable/cp-cp-cluster-linking/environments/production/serviceaccount.yaml b/stable/cp-cp-cluster-linking/environments/production/serviceaccount.yaml
new file mode 100644
index 0000000..964db41
--- /dev/null
+++ b/stable/cp-cp-cluster-linking/environments/production/serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ component: "server"
+ app: prometheus
+ release: oso
+ chart: prometheus-14.6.0
+ heritage: Helm
+ name: oso-prometheus-server
+ namespace: default
+ annotations:
+ {}
diff --git a/stable/custom-connect-gcp-connectors/README.md b/stable/custom-connect-gcp-connectors/README.md
index 84c54a6..11f2435 100644
--- a/stable/custom-connect-gcp-connectors/README.md
+++ b/stable/custom-connect-gcp-connectors/README.md
@@ -1,33 +1,38 @@ -1. cd into `/examples/custom-connect` +# Custom Connect GCP Connectors +Builds and deploys Google Cloud Spanner Sink connector to move data from Kafka to a Google Cloud Spanner database -2. start minikube -```shell -minikube start --cpus=6 --memory=16384 -``` +## Features + +| Feature | Enabled | Note | +|:----------------|:-------:|:----------------------------------------------------------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ✅ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP and mTLS (inter-component) | -3. apply CFK crds and Componets -```shell -kubectl apply -k ../../base/crds && kubectl apply -k . -``` -4. run docker build for connect image into minikube +### run docker build for connect image into minikube ```shell cd docker ./build-inside.sh ``` [//]# (TODO) There is no such service-account.json -6. create google service account secret which is used in the connect config +### create google service account secret which is used in the connect config ```shell kubectl create secret generic gcs-service-account --from-file=./gcs-connect/service-account.json -n sandbox ``` -7. Port forward the connect cluster to create connect task: +### Port forward the connect cluster to create connect task: ```shell kubectl port-forward -n sandbox gcsconnect-0 8083:8083 ``` -8. Create connectors using sample JSON +### Create connectors using sample JSON ```shell cd gcs-connect # GCS example connector 
@@ -44,7 +49,7 @@ if successfully: {"name":"gcs-sink","config":{"name":"gcs-sink","connector.class":"io.confluent.connect.gcs.GcsSinkConnector","tasks.max":"1","topics":"topic-in-source","gcs.bucket.name":"lloyds-kafka-example","gcs.part.size":"5242880","flush.size":"1","gcs.credentials.path":"/mnt/secrets/gcs-service-account/service-account.json","storage.class":"io.confluent.connect.gcs.storage.GcsStorage","format.class":"io.confluent.connect.gcs.format.avro.AvroFormat","partitioner.class":"io.confluent.connect.storage.partitioner.DefaultPartitioner","schema.compatibility":"NONE","confluent.topic.bootstrap.servers":"kafka.sandbox.svc.cluster.local:9071","confluent.topic.replication.factor":"1","confluent.topic.ssl.truststore.location":"/mnt/sslcerts/truststore.p12","confluent.topic.ssl.truststore.password":"mystorepassword","confluent.topic.ssl.truststore.type":"PKCS12","confluent.topic.security.protocol":"SASL_SSL","confluent.topic.sasl.mechanism":"PLAIN","confluent.topic.sasl.jaas.config":"org.apache.kafka.common.security.plain.PlainLoginModule required username=\"connect\" password=\"connect-secret\";"},"tasks":[],"type":"sink"}* Closing connection 0 ``` -9. Produce some data to sync to bucket +### Produce some data to sync to bucket ```shell # exec into kafka pod kubectl exec -n sandbox -it kafka-0 -- bash diff --git a/stable/custom-connect-gcp-connectors/docker/Dockerfile b/stable/custom-connect-gcp-connectors/docker/Dockerfile index 192e718..ea5330d 100644 --- a/stable/custom-connect-gcp-connectors/docker/Dockerfile +++ b/stable/custom-connect-gcp-connectors/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM confluentinc/cp-server-connect-operator:6.1.4.0 +FROM confluentinc/cp-server-connect-operator:6.1.5.0 USER root ENV CONNECT_PLUGIN_PATH="/usr/share/java,/usr/share/confluent-hub-components" diff --git a/stable/custom-connect-gcp-connectors/kustomization.yaml b/stable/custom-connect-gcp-connectors/kustomization.yaml index ba004fb..3ae5027 100644 
--- a/stable/custom-connect-gcp-connectors/kustomization.yaml +++ b/stable/custom-connect-gcp-connectors/kustomization.yaml @@ -1,7 +1,6 @@ namespace: sandbox resources: - namespace.yaml - - ../../base/operator - ../../base/cfk-components/confluent-rbac - gcs-connect patchesStrategicMerge: diff --git a/stable/custom-connect-sql/README.md b/stable/custom-connect-sql/README.md index 713a2a5..638cb7c 100644 --- a/stable/custom-connect-sql/README.md +++ b/stable/custom-connect-sql/README.md 
@@ -8,16 +8,33 @@ In this example we go through the following process: NOTE: For ease of readability, we will simply reference the scripts that perform the actions of the following stages. For better understanding of what is actually being done, please review the scripts themselves which will have their own comments/notations. **Assumptions are that you will be running all commands from the present directory** + +## Features + +| Feature | Enabled | Note | +|:--------------------------------|:-------:|:------------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP and mTLS (inter-component) | +| SQL Server + Debezium connector | ✅ | | + + + ### Building the custom docker image The Dockerfile installs a custom plugin with the following line: `RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0`. To build, run: ```shell cd docker && ./build-inside.sh && cd .. ``` -### Deploy CFK CRDs & Confluent Components -Deploy the CRDS using the standard way: +### Deploy Confluent Components +Deploy the components using the standard deployment approach: ```shell -kubectl apply -k ../../kustomize/crds && sleep 1 && kubectl apply -k . +kubectl apply -k . ``` ### Enable CDC on 'person' table of AdventureWorks Database CDC needs to be enabled on a table by table basis. This table is also referenced in the prod-mssql-connnector.json file. diff --git a/stable/custom-connect-sql/docker/Dockerfile b/stable/custom-connect-sql/docker/Dockerfile index d689e75..7fc6f28 100644 --- a/stable/custom-connect-sql/docker/Dockerfile +++ b/stable/custom-connect-sql/docker/Dockerfile 
@@ -1,4 +1,4 @@ -FROM confluentinc/cp-server-connect-operator:6.1.4.0 +FROM confluentinc/cp-server-connect-operator:6.1.5.0 USER root ENV CONNECT_PLUGIN_PATH="/usr/share/java,/usr/share/confluent-hub-components" RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0 diff --git a/stable/custom-connect-sql/kustomization.yaml b/stable/custom-connect-sql/kustomization.yaml index 0bf8584..cc9eae8 100644 --- a/stable/custom-connect-sql/kustomization.yaml +++ b/stable/custom-connect-sql/kustomization.yaml @@ -3,6 +3,5 @@ kind: Kustomization namespace: sandbox resources: - namespace.yaml - - ../../base/operator - ../../base/cfk-components/confluent-rbac - custom-connect \ No newline at end of file diff --git a/stable/elastic-filebeat-kibana-logstash/README.md b/stable/elastic-filebeat-kibana-logstash/README.md deleted file mode 100644 index 0dd76cf..0000000 --- a/stable/elastic-filebeat-kibana-logstash/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# Monitoring (JMX/Prometheus/Grafana) -In this example, we deploy an RBAC enabled Confluent cluster with Prometheus/Grafana integration. - -## Deploy Stack -From within this present directory(./examples/monitoring), run the following command: - -```shell -kubectl apply -k ../../kustomize/crds && sleep 1 && kubectl apply -k . -``` -Once all the pods are in a 'Running' status, we can start to investigate the rest of the stack. - -## Kibana -Kibana has a UI you can view by forwarding port 5601 with the following command, and then accessing `http://127.0.0.1:5601` from a local browser. -```shell -kubectl port-forward \ -$(kubectl get pods -n sandbox -l app=kibana -o name) \ -5601 --namespace sandbox -``` -## TODO - All working, but need to detail how to set up kibana (manual steps) \ No newline at end of file diff --git a/stable/external-mtls/README.md b/stable/external-mtls/README.md new file mode 100644 index 0000000..fca2110 --- /dev/null +++ b/stable/external-mtls/README.md 
@@ -0,0 +1,20 @@ +## External mTLS +In this example we will generate our own certificates, and use them in place on our endpoints + +| Feature | Enabled | Note | +|:----------------|:-------:|:------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ✅ | | +| KSQL | ❌ | | +| Rest Proxy | ✅ | | +| TLS Encryption | ✅ | External (not self generated) | +| Authentication | ✅ | | +| Authorization | ✅ | via LDAP | + + +* Generate a CA for certificate signing, which will be used for AutoGenerated certificate between the confluent components +* Use the same CA to generate a client certificate +* Write an ACL rule to allow client to write to topic +* Use client certificate to write to a topic using the stand alone rest proxy (new to CFK 2.2) \ No newline at end of file diff --git a/incubator/external-mtls/confluent/kafka.yaml b/stable/external-mtls/confluent/kafka.yaml similarity index 54% rename from incubator/external-mtls/confluent/kafka.yaml rename to stable/external-mtls/confluent/kafka.yaml index 6419a59..03b9fb5 100644 --- a/incubator/external-mtls/confluent/kafka.yaml +++ b/stable/external-mtls/confluent/kafka.yaml @@ -6,13 +6,6 @@ spec: configOverrides: server: - confluent.schema.registry.url=https://schemaregistry:8081 - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - authorizer.class.name=io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer - - confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT - log4j: - - log4j.logger.kafka.authorizer.logger=DEBUG metricReporter: enabled: true authentication: 
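Review bot: Removing `authorizer.class.name=...ConfluentServerAuthorizer` and `confluent.authorizer.access.rule.providers=ZK_ACL,CONFLUENT` from `configOverrides.server` in `stable/external-mtls/confluent/kafka.yaml` leaves this example relying entirely on `../../base/cfk-components/confluent-rbac` for its authorizer settings, and that base is not visible in this diff. The new README still lists "Write an ACL rule to allow client to write to topic" as a step. If the base enables only the RBAC provider, an ACL created in that step would presumably never be evaluated, and the walkthrough would fail or behave differently from what it documents. Either confirm the base sets the provider list, or keep that one override with a comment such as `# ZK_ACL is needed for the ACL step described in README.md`. The `spec` block starts and continues outside the hunk.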
diff --git a/incubator/external-mtls/confluent/restproxy.yaml b/stable/external-mtls/confluent/restproxy.yaml similarity index 100% rename from incubator/external-mtls/confluent/restproxy.yaml rename to stable/external-mtls/confluent/restproxy.yaml diff --git a/incubator/external-mtls/confluent/zookeeper.yaml b/stable/external-mtls/confluent/zookeeper.yaml similarity index 100% rename from incubator/external-mtls/confluent/zookeeper.yaml rename to stable/external-mtls/confluent/zookeeper.yaml diff --git a/incubator/external-mtls/kustomization.yaml b/stable/external-mtls/kustomization.yaml similarity index 77% rename from incubator/external-mtls/kustomization.yaml rename to stable/external-mtls/kustomization.yaml index 376b550..bd28299 100644 --- a/incubator/external-mtls/kustomization.yaml +++ b/stable/external-mtls/kustomization.yaml @@ -1,8 +1,9 @@ namespace: sandbox resources: - - ../../base/operator - ../../base/cfk-components/confluent-rbac + - ../../base/cfk-components/confluent-rbac/schema-registry - ../../base/cfk-components/confluent-rbac/rest-proxy + - namespace.yaml patchesStrategicMerge: - confluent/kafka.yaml - confluent/zookeeper.yaml diff --git a/incubator/velero-restore/namespace.yaml b/stable/external-mtls/namespace.yaml similarity index 100% rename from incubator/velero-restore/namespace.yaml rename to stable/external-mtls/namespace.yaml diff --git a/incubator/external-mtls/tls-generation/alpha-client.json b/stable/external-mtls/tls-generation/alpha-client.json similarity index 100% rename from incubator/external-mtls/tls-generation/alpha-client.json rename to stable/external-mtls/tls-generation/alpha-client.json diff --git a/incubator/external-mtls/tls-generation/base-ca-config.json b/stable/external-mtls/tls-generation/base-ca-config.json similarity index 100% rename from incubator/external-mtls/tls-generation/base-ca-config.json rename to stable/external-mtls/tls-generation/base-ca-config.json 
diff --git a/incubator/external-mtls/tls-generation/base-ca-csr.json b/stable/external-mtls/tls-generation/base-ca-csr.json
similarity index 100%
rename from incubator/external-mtls/tls-generation/base-ca-csr.json
rename to stable/external-mtls/tls-generation/base-ca-csr.json
diff --git a/incubator/external-mtls/tls-generation/base-server-domain.json b/stable/external-mtls/tls-generation/base-server-domain.json
similarity index 100%
rename from incubator/external-mtls/tls-generation/base-server-domain.json
rename to stable/external-mtls/tls-generation/base-server-domain.json
diff --git a/incubator/external-mtls/tls-generation/ca-pair-sslcerts.yaml b/stable/external-mtls/tls-generation/ca-pair-sslcerts.yaml
similarity index 100%
rename from incubator/external-mtls/tls-generation/ca-pair-sslcerts.yaml
rename to stable/external-mtls/tls-generation/ca-pair-sslcerts.yaml
diff --git a/incubator/external-mtls/tls-generation/curl-commands.sh b/stable/external-mtls/tls-generation/curl-commands.sh
similarity index 100%
rename from incubator/external-mtls/tls-generation/curl-commands.sh
rename to stable/external-mtls/tls-generation/curl-commands.sh
diff --git a/incubator/external-mtls/tls-generation/generate_certificate.sh b/stable/external-mtls/tls-generation/generate_certificate.sh
similarity index 100%
rename from incubator/external-mtls/tls-generation/generate_certificate.sh
rename to stable/external-mtls/tls-generation/generate_certificate.sh
diff --git a/incubator/external-mtls/tls-generation/kustomization.yaml b/stable/external-mtls/tls-generation/kustomization.yaml
similarity index 100%
rename from incubator/external-mtls/tls-generation/kustomization.yaml
rename to stable/external-mtls/tls-generation/kustomization.yaml
diff --git a/stable/grafana-prometheus/kustomization.yaml b/stable/grafana-prometheus/kustomization.yaml
index 3c69068..0c6a856 100644
--- a/stable/grafana-prometheus/kustomization.yaml
+++ b/stable/grafana-prometheus/kustomization.yaml
@@ -1,10 +1,10 @@ namespace: sandbox resources: - namespace.yaml - - ../../base/operator - - ../../base/cfk-components/confluent-rbac - - ../../resources/producers/4-producers-tls + - ../../base/cfk-components/confluent-no-auth-no-tls + - ../../resources/producers/4-producers-no-tls - grafana - prometheus + diff --git a/stable/grafana-prometheus/prometheus/alertmanager/clusterrole.yaml b/stable/grafana-prometheus/prometheus/alertmanager/clusterrole.yaml deleted file mode 100644 index 3a77abf..0000000 --- a/stable/grafana-prometheus/prometheus/alertmanager/clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: prometheus/templates/alertmanager/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - component: "alertmanager" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - name: oso-prometheus-alertmanager -rules: - [] diff --git a/stable/grafana-prometheus/prometheus/alertmanager/cm.yaml b/stable/grafana-prometheus/prometheus/alertmanager/cm.yaml deleted file mode 100644 index a23ef21..0000000 --- a/stable/grafana-prometheus/prometheus/alertmanager/cm.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Source: prometheus/templates/alertmanager/cm.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - component: "alertmanager" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - name: oso-prometheus-alertmanager - namespace: default -data: - alertmanager.yml: | - global: {} - receivers: - - name: default-receiver - route: - group_interval: 5m - group_wait: 10s - receiver: default-receiver - repeat_interval: 3h diff --git a/stable/grafana-prometheus/prometheus/alertmanager/deploy.yaml b/stable/grafana-prometheus/prometheus/alertmanager/deploy.yaml deleted file mode 100644 index 2f33a7e..0000000 --- a/stable/grafana-prometheus/prometheus/alertmanager/deploy.yaml +++ /dev/null 
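Review bot: Replacing `../../base/cfk-components/confluent-rbac` with `confluent-no-auth-no-tls` (and the TLS producers with `4-producers-no-tls`) in `stable/grafana-prometheus/kustomization.yaml` leaves this `stable/` example running brokers with neither authentication nor transport encryption, and nothing in the file records that. Manifests under `stable/` are the ones most likely to be copied, so add a comment above the resource line, for example `# NOTE: auth and TLS are disabled here so the exporters can scrape without credentials; sandbox use only`. If the downgrade was made only to get `kafka-exporter` connected, the alternative is to keep the RBAC base and give the exporter client TLS/SASL settings instead.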
@@ -1,86 +0,0 @@ ---- -# Source: prometheus/templates/alertmanager/deploy.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - component: "alertmanager" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - name: oso-prometheus-alertmanager - namespace: default -spec: - selector: - matchLabels: - component: "alertmanager" - app: prometheus - release: oso - replicas: 1 - template: - metadata: - labels: - component: "alertmanager" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - spec: - serviceAccountName: oso-prometheus-alertmanager - containers: - - name: prometheus-alertmanager - image: "quay.io/prometheus/alertmanager:v0.21.0" - imagePullPolicy: "IfNotPresent" - env: - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/alertmanager.yml - - --storage.path=/data - - --cluster.advertise-address=[$(POD_IP)]:6783 - - --web.external-url=http://localhost:9093 - - ports: - - containerPort: 9093 - readinessProbe: - httpGet: - path: /-/ready - port: 9093 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: - {} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: storage-volume - mountPath: "/data" - subPath: "" - - name: prometheus-alertmanager-configmap-reload - image: "jimmidyson/configmap-reload:v0.5.0" - imagePullPolicy: "IfNotPresent" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:9093/-/reload - resources: - {} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - volumes: - - name: config-volume - configMap: - name: oso-prometheus-alertmanager - - name: storage-volume - persistentVolumeClaim: - claimName: oso-prometheus-alertmanager 
diff --git a/stable/grafana-prometheus/prometheus/alertmanager/kustomization.yaml b/stable/grafana-prometheus/prometheus/alertmanager/kustomization.yaml
deleted file mode 100644
index 33b9ddd..0000000
--- a/stable/grafana-prometheus/prometheus/alertmanager/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-namespace: sandbox
-resources:
- - clusterrole.yaml
- - clusterrolebinding.yaml
- - cm.yaml
- - deploy.yaml
- - pvc.yaml
- - service.yaml
- - serviceaccount.yaml
\ No newline at end of file
diff --git a/stable/grafana-prometheus/prometheus/kafka-exporter/deploy.yaml b/stable/grafana-prometheus/prometheus/kafka-exporter/deploy.yaml
new file mode 100644
index 0000000..30ab8b3
--- /dev/null
+++ b/stable/grafana-prometheus/prometheus/kafka-exporter/deploy.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka-exporter
+spec:
+ selector:
+ matchLabels:
+ app: kafka-exporter
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ component: "server"
+ app: kafka-exporter
+ spec:
+ enableServiceLinks: true
+ serviceAccountName: oso-prometheus-server
+ containers:
+ - name: kafka-exporter
+ image: "danielqsj/kafka-exporter:latest"
+ imagePullPolicy: Always
+ args:
+ - --kafka.server=kafka:9071
+ ports:
+ - name: "kexporter"
+ containerPort: 9308
+ protocol: TCP
\ No newline at end of file
diff --git a/stable/grafana-prometheus/prometheus/kafka-exporter/kustomization.yaml b/stable/grafana-prometheus/prometheus/kafka-exporter/kustomization.yaml
new file mode 100644
index 0000000..61e1497
--- /dev/null
+++ b/stable/grafana-prometheus/prometheus/kafka-exporter/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: sandbox
+resources:
+- deploy.yaml
+- service.yaml
diff --git a/stable/grafana-prometheus/prometheus/kafka-exporter/service.yaml b/stable/grafana-prometheus/prometheus/kafka-exporter/service.yaml
new file mode 100644
index 0000000..52a9184
--- /dev/null
+++ b/stable/grafana-prometheus/prometheus/kafka-exporter/service.yaml
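Review bot: The new `kafka-exporter/deploy.yaml` runs `danielqsj/kafka-exporter:latest` with `imagePullPolicy: Always`, so every pod restart can pull whatever a third-party registry currently serves under that tag; pin a reviewed tag or digest instead. The pod also borrows `serviceAccountName: oso-prometheus-server`, whose permissions are not visible here, although the exporter presumably needs no Kubernetes API access at all. Unlike the alertmanager and node-exporter manifests this commit deletes, the new pod sets no `securityContext`. The excerpt below pins the image, stops mounting a service-account token and restores the non-root settings those removed manifests used; the UID should be checked against the image before merging.

```yaml
    spec:
      # … unchanged: enableServiceLinks …
      # exporter only talks to Kafka; no API token needed (drop serviceAccountName as well if unused)
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        runAsGroup: 65534
      containers:
        - name: kafka-exporter
          # placeholder: replace with a reviewed release tag or digest
          image: "danielqsj/kafka-exporter:<PINNED_TAG>"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: args, ports …
```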
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-exporter
+ labels:
+ service: kafka-exporter-service
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9308
+ name: "kexporter"
+ targetPort: 9308
+ protocol: TCP
+ selector:
+ app: kafka-exporter
diff --git a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/configmap.yaml b/stable/grafana-prometheus/prometheus/kafka-lag-exporter/configmap.yaml
deleted file mode 100644
index b7a97fb..0000000
--- a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/configmap.yaml
+++ /dev/null
@@ -1,68 +0,0 @@ ---- -# Source: kafka-lag-exporter/templates/030-ConfigMap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: oso-kafka-lag-exporter-configmap - labels: - app.kubernetes.io/name: kafka-lag-exporter - helm.sh/chart: kafka-lag-exporter-0.6.7 - app.kubernetes.io/instance: oso - app.kubernetes.io/managed-by: Helm -data: - application.conf: | - kafka-lag-exporter { - port = 8000 - poll-interval = 30 seconds - lookup-table-size = 60 - client-group-id = "kafkalagexporter" - kafka-client-timeout = 10 seconds - clusters = [ - { - name = "sandbox" - bootstrap-brokers = "kafka.sandbox.svc.cluster.local:9092" - consumer-properties = { - sasl.jaas.config = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"kafka\" password=\"kafka-secret\";" - sasl.mechanism = "PLAIN" - security.protocol = "SASL_PLAINTEXT" - } - admin-client-properties = { - sasl.jaas.config = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"kafka\" password=\"kafka-secret\";" - sasl.mechanism = "PLAIN" - security.protocol = "SASL_PLAINTEXT" - } - labels = { - location = "london" - zone = "eu-west-1" - } - } - ] - watchers = { - strimzi = "false" - } - metric-whitelist = [ - ".*" - ] - } - - akka { - loggers = ["akka.event.slf4j.Slf4jLogger"] - loglevel = "DEBUG" - logging-filter = "akka.event.slf4j.Slf4jLoggingFilter" - } - logback.xml: | - - - - - - - %date{ISO8601} %-5level %logger{36} %X{akkaSource} - %msg %ex%n - - - - - - - - diff --git a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/deployment.yaml b/stable/grafana-prometheus/prometheus/kafka-lag-exporter/deployment.yaml deleted file mode 100644 index a531d8f..0000000 --- a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/deployment.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -# Source: kafka-lag-exporter/templates/040-Deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: oso-kafka-lag-exporter - labels: - app.kubernetes.io/name: kafka-lag-exporter - helm.sh/chart: kafka-lag-exporter-0.6.7 - app.kubernetes.io/instance: oso - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kafka-lag-exporter - app.kubernetes.io/instance: oso - template: - metadata: - labels: - app.kubernetes.io/name: kafka-lag-exporter - app.kubernetes.io/instance: oso - spec: - serviceAccountName: oso-kafka-lag-exporter-serviceaccount - containers: - - name: kafka-lag-exporter - image: lightbend/kafka-lag-exporter:0.6.7 - imagePullPolicy: Always - ports: - - name: http - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - volumeMounts: - - name: config-volume - mountPath: /opt/docker/conf/ - resources: - {} - volumes: - - name: config-volume - configMap: - name: oso-kafka-lag-exporter-configmap \ No newline at end of file diff --git a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/kustomization.yaml b/stable/grafana-prometheus/prometheus/kafka-lag-exporter/kustomization.yaml deleted file mode 100644 index 1dc187d..0000000 --- a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -namespace: sandbox -resources: -- serviceaccount.yaml -- configmap.yaml -- deployment.yaml -- service.yaml \ No newline at end of file 
diff --git a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/service.yaml b/stable/grafana-prometheus/prometheus/kafka-lag-exporter/service.yaml deleted file mode 100644 index a9fc299..0000000 --- a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Source: kafka-lag-exporter/templates/050-Service.yaml -apiVersion: v1 -kind: Service -metadata: - name: oso-kafka-lag-exporter-service - labels: - app.kubernetes.io/name: kafka-lag-exporter - helm.sh/chart: kafka-lag-exporter-0.6.7 - app.kubernetes.io/instance: oso - app.kubernetes.io/managed-by: Helm - jobLabel: oso-kafka-lag-exporter - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "8000" - prometheus.io/scrape: "true" -spec: - type: ClusterIP - ports: - - port: 8000 - targetPort: 8000 - protocol: TCP - name: http - selector: - app.kubernetes.io/name: kafka-lag-exporter - app.kubernetes.io/instance: oso diff --git a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/serviceaccount.yaml b/stable/grafana-prometheus/prometheus/kafka-lag-exporter/serviceaccount.yaml deleted file mode 100644 index a3f6632..0000000 --- a/stable/grafana-prometheus/prometheus/kafka-lag-exporter/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# Source: kafka-lag-exporter/templates/000-ServiceAccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: oso-kafka-lag-exporter-serviceaccount - labels: - app.kubernetes.io/name: kafka-lag-exporter - helm.sh/chart: kafka-lag-exporter-0.6.7 - app.kubernetes.io/instance: oso - app.kubernetes.io/managed-by: Helm diff --git a/stable/grafana-prometheus/prometheus/kustomization.yaml b/stable/grafana-prometheus/prometheus/kustomization.yaml index e6f01a2..6b49192 100644 --- a/stable/grafana-prometheus/prometheus/kustomization.yaml +++ b/stable/grafana-prometheus/prometheus/kustomization.yaml 
@@ -1,6 +1,7 @@ namespace: sandbox resources: - server -- node-exporter -- alertmanager -- kafka-lag-exporter +- kafka-exporter +#- node-exporter +#- alertmanager +#- kafka-lag-exporter diff --git a/stable/grafana-prometheus/prometheus/node-exporter/daemonset.yaml b/stable/grafana-prometheus/prometheus/node-exporter/daemonset.yaml deleted file mode 100644 index 6078939..0000000 --- a/stable/grafana-prometheus/prometheus/node-exporter/daemonset.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# Source: prometheus/templates/node-exporter/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - component: "node-exporter" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - name: oso-prometheus-node-exporter - namespace: default -spec: - selector: - matchLabels: - component: "node-exporter" - app: prometheus - release: oso - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - component: "node-exporter" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - spec: - serviceAccountName: oso-prometheus-node-exporter - containers: - - name: prometheus-node-exporter - image: "quay.io/prometheus/node-exporter:v1.1.2" - imagePullPolicy: "IfNotPresent" - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - - --path.rootfs=/host/root - - --web.listen-address=:9100 - ports: - - name: metrics - containerPort: 9100 - hostPort: 9100 - resources: - {} - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - - name: root - mountPath: /host/root - mountPropagation: HostToContainer - readOnly: true - hostNetwork: true - hostPID: true - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - - name: root - hostPath: - path: / 
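Review bot: The commented-out entries `#- node-exporter`, `#- alertmanager` and `#- kafka-lag-exporter` in `prometheus/kustomization.yaml` point at directories whose `kustomization.yaml` this same commit deletes, so uncommenting any of them would make `kubectl apply -k` fail. Delete the three lines rather than leaving them commented. Separately, the removed kustomizations listed `alertmanager/clusterrolebinding.yaml`, `pvc.yaml`, `service.yaml`, `serviceaccount.yaml` and `node-exporter/serviceaccount.yaml`, none of which appear among the deletions visible here. If those files still exist, they are now unreferenced RBAC and storage manifests and should be removed too.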
diff --git a/stable/grafana-prometheus/prometheus/node-exporter/kustomization.yaml b/stable/grafana-prometheus/prometheus/node-exporter/kustomization.yaml deleted file mode 100644 index c199f8e..0000000 --- a/stable/grafana-prometheus/prometheus/node-exporter/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - daemonset.yaml - - serviceaccount.yaml - - svc.yaml \ No newline at end of file diff --git a/stable/grafana-prometheus/prometheus/node-exporter/svc.yaml b/stable/grafana-prometheus/prometheus/node-exporter/svc.yaml deleted file mode 100644 index 6729f84..0000000 --- a/stable/grafana-prometheus/prometheus/node-exporter/svc.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Source: prometheus/templates/node-exporter/svc.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/scrape: "true" - labels: - component: "node-exporter" - app: prometheus - release: oso - chart: prometheus-14.6.0 - heritage: Helm - name: oso-prometheus-node-exporter - namespace: default -spec: - clusterIP: None - ports: - - name: metrics - port: 9100 - protocol: TCP - targetPort: 9100 - selector: - component: "node-exporter" - app: prometheus - release: oso - type: "ClusterIP" diff --git a/stable/grafana-prometheus/prometheus/server/cm.yaml b/stable/grafana-prometheus/prometheus/server/cm.yaml index 93a0115..47fff76 100644 --- a/stable/grafana-prometheus/prometheus/server/cm.yaml +++ b/stable/grafana-prometheus/prometheus/server/cm.yaml 
@@ -30,55 +30,36 @@ data: - job_name: "prometheus" static_configs: - targets: ["localhost:9090"] - - job_name: "node-exporter" + - job_name: "zookeeper" static_configs: - - targets: ["node-exporter:9100"] + - targets: [ + "zookeeper:7778" + ] relabel_configs: - source_labels: [__address__] target_label: hostname regex: '([^:]+)(:[0-9]+)?' replacement: '${1}' - - job_name: "zookeeper" + - job_name: "kafka-broker" static_configs: - targets: [ - "zookeeper:7203" + "kafka:7778" ] relabel_configs: - source_labels: [__address__] target_label: hostname regex: '([^:]+)(:[0-9]+)?' replacement: '${1}' - - job_name: "kafka-broker" + - job_name: "kafka-exporter" static_configs: - - targets: ["kafka-1-internal:7203","kafka-2-internal:7203","kafka-3-internal:7203"] + - targets: [ + "kafka-exporter:9308" + ] relabel_configs: - source_labels: [__address__] target_label: hostname regex: '([^:]+)(:[0-9]+)?' replacement: '${1}' - alerting: - alertmanagers: - - kubernetes_sd_configs: - - role: pod - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_namespace] - regex: default - action: keep - - source_labels: [__meta_kubernetes_pod_label_app] - regex: prometheus - action: keep - - source_labels: [__meta_kubernetes_pod_label_component] - regex: alertmanager - action: keep - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] - regex: .* - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_number] - regex: "9093" - action: keep recording_rules.yml: | {} rules: | diff --git a/stable/monitoring/README.md b/stable/monitoring/README.md new file mode 100644 index 0000000..444a0ab --- /dev/null +++ b/stable/monitoring/README.md 
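Review bot: The new `kafka-broker` job scrapes the single target `kafka:7778`, where the old job listed three brokers individually. If `kafka` resolves to a Service in front of several broker pods, each scrape presumably reaches only one of them and the per-broker series collapse under one `hostname` label, which hides a single unhealthy broker. List one target per broker pod, or switch the job to `dns_sd_configs` against the headless service, so that every broker is scraped. The hunk also removes the entire `alerting:` block, so no rule in this example can notify anyone; a comment such as `# alerting removed: alertmanager is not deployed in this example` would make that intentional. The ConfigMap's `data:` block starts outside the hunk.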
@@ -0,0 +1,29 @@ +# Monitoring +This example show a typical monitoring configuration made up of Prometheus/Grafana for JMX metrics, and Logstash/Kibana for log handling. + +## Features + +| Feature | Enabled | Note | +|:----------------|:-------:|:------------------------------------| +| Kafka/Zookeeper | ✅ | | +| Control Center | ✅ | | +| Connect | ❌ | | +| Schema Registry | ❌ | | +| KSQL | ❌ | | +| TLS Encryption | ✅ | Self-signed certificates | +| Authentication | ✅ | RBAC | +| Authorization | ✅ | via LDAP and mTLS (inter-component) | +| Prometheus | ✅ | | +| Grafana | ✅ | | +| Logstash | ✅ | | +| Kibana | ✅ | | + + +## Kibana +Kibana has a UI you can view by forwarding port 5601 with the following command, and then accessing `http://127.0.0.1:5601` from a local browser. +```shell +kubectl port-forward \ +$(kubectl get pods -n sandbox -l app=kibana -o name) \ +5601 --namespace sandbox +``` +## TODO - All working, but need to detail how to set up kibana (manual steps) \ No newline at end of file diff --git a/stable/elastic-filebeat-kibana-logstash/elasticsearch/kustomization.yaml b/stable/monitoring/elasticsearch/kustomization.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/elasticsearch/kustomization.yaml rename to stable/monitoring/elasticsearch/kustomization.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/elasticsearch/poddisruptionbudget.yaml b/stable/monitoring/elasticsearch/poddisruptionbudget.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/elasticsearch/poddisruptionbudget.yaml rename to stable/monitoring/elasticsearch/poddisruptionbudget.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/elasticsearch/service.yaml b/stable/monitoring/elasticsearch/service.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/elasticsearch/service.yaml rename to stable/monitoring/elasticsearch/service.yaml 
diff --git a/stable/elastic-filebeat-kibana-logstash/elasticsearch/statefulset.yaml b/stable/monitoring/elasticsearch/statefulset.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/elasticsearch/statefulset.yaml
rename to stable/monitoring/elasticsearch/statefulset.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/clusterrole.yaml b/stable/monitoring/filebeat/clusterrole.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/clusterrole.yaml
rename to stable/monitoring/filebeat/clusterrole.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/clusterrolebinding.yaml b/stable/monitoring/filebeat/clusterrolebinding.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/clusterrolebinding.yaml
rename to stable/monitoring/filebeat/clusterrolebinding.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/configmap.yaml b/stable/monitoring/filebeat/configmap.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/configmap.yaml
rename to stable/monitoring/filebeat/configmap.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/daemonset.yaml b/stable/monitoring/filebeat/daemonset.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/daemonset.yaml
rename to stable/monitoring/filebeat/daemonset.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/deployment.yaml b/stable/monitoring/filebeat/deployment.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/deployment.yaml
rename to stable/monitoring/filebeat/deployment.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/kustomization.yaml b/stable/monitoring/filebeat/kustomization.yaml
similarity index 100%
rename from stable/elastic-filebeat-kibana-logstash/filebeat/kustomization.yaml
rename to stable/monitoring/filebeat/kustomization.yaml
diff --git a/stable/elastic-filebeat-kibana-logstash/filebeat/serviceaccount.yaml b/stable/monitoring/filebeat/serviceaccount.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/filebeat/serviceaccount.yaml rename to stable/monitoring/filebeat/serviceaccount.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/kibana/deployment.yaml b/stable/monitoring/kibana/deployment.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/kibana/deployment.yaml rename to stable/monitoring/kibana/deployment.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/kibana/kustomization.yaml b/stable/monitoring/kibana/kustomization.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/kibana/kustomization.yaml rename to stable/monitoring/kibana/kustomization.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/kibana/service.yaml b/stable/monitoring/kibana/service.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/kibana/service.yaml rename to stable/monitoring/kibana/service.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/kustomization.yaml b/stable/monitoring/kustomization.yaml similarity index 89% rename from stable/elastic-filebeat-kibana-logstash/kustomization.yaml rename to stable/monitoring/kustomization.yaml index 7d6f377..6079409 100644 --- a/stable/elastic-filebeat-kibana-logstash/kustomization.yaml +++ b/stable/monitoring/kustomization.yaml @@ -1,7 +1,6 @@ namespace: sandbox resources: - namespace.yaml - - ../../base/operator - ../../base/cfk-components/confluent-rbac - ../../resources/producers/1-producer-tls - elasticsearch diff --git a/stable/elastic-filebeat-kibana-logstash/logstash/cm.yaml b/stable/monitoring/logstash/cm.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/logstash/cm.yaml rename to stable/monitoring/logstash/cm.yaml 
diff --git a/stable/elastic-filebeat-kibana-logstash/logstash/kustomization.yaml b/stable/monitoring/logstash/kustomization.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/logstash/kustomization.yaml rename to stable/monitoring/logstash/kustomization.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/logstash/poddisruptionbudget.yaml b/stable/monitoring/logstash/poddisruptionbudget.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/logstash/poddisruptionbudget.yaml rename to stable/monitoring/logstash/poddisruptionbudget.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/logstash/service-headless.yaml b/stable/monitoring/logstash/service-headless.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/logstash/service-headless.yaml rename to stable/monitoring/logstash/service-headless.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/logstash/statefulset.yaml b/stable/monitoring/logstash/statefulset.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/logstash/statefulset.yaml rename to stable/monitoring/logstash/statefulset.yaml diff --git a/stable/elastic-filebeat-kibana-logstash/namespace.yaml b/stable/monitoring/namespace.yaml similarity index 100% rename from stable/elastic-filebeat-kibana-logstash/namespace.yaml rename to stable/monitoring/namespace.yaml diff --git a/stable/vault-key-value/confluent/control-centre.yaml b/stable/vault-key-value/confluent/control-centre.yaml index 0de4ce3..5ca07bd 100644 --- a/stable/vault-key-value/confluent/control-centre.yaml +++ b/stable/vault-key-value/confluent/control-centre.yaml @@ -36,8 +36,7 @@ spec: kafka: bootstrapEndpoint: kafka:9071 authentication: - jaasConfig: - $patch: delete + jaasConfig: null type: plain jaasConfigPassThrough: directoryPathInContainer: /vault/secrets 
diff --git a/stable/vault-key-value/kustomization.yaml b/stable/vault-key-value/kustomization.yaml index 70ae229..5cd2ab7 100644 --- a/stable/vault-key-value/kustomization.yaml +++ b/stable/vault-key-value/kustomization.yaml @@ -1,7 +1,6 @@ namespace: sandbox resources: - namespace.yaml - - ../../base/operator - ../../base/cfk-components/confluent-rbac - vault patchesStrategicMerge: